CVE-2022-26390

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01	Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware::::::::
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware::::::::
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:::::::*

cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*

History

11 Jul 2023, 14:40

Type	Values Removed	Values Added
CWE	~~CWE-311~~	CWE-312

15 Sep 2022, 16:46

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.2
CWE		CWE-311
CPE		cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:::::::* cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:::::::* cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:::::::* cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:::::::* cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:::::::* cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:::::::* cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:::::::* cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:::::::* cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:::::::* cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:::::::* cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:::::::: cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:::::::*
References		(MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 - Third Party Advisory, US Government Resource
References	~~(MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx -~~	(MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Third Party Advisory, US Government Resource

09 Sep 2022, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-09 15:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-26390

Mitre link : CVE-2022-26390

CVE.ORG link : CVE-2022-26390

JSON object : View

Products Affected

baxter

sigma_spectrum_35700bax2_firmware
sigma_spectrum_35700bax
spectrum_wireless_battery_module_firmware
spectrum_wireless_battery_module
baxter_spectrum_iq_35700bax3
baxter_spectrum_iq_35700bax3_firmware
sigma_spectrum_35700bax_firmware
sigma_spectrum_35700bax2

CWE

CWE-312

Cleartext Storage of Sensitive Information

CWE-311

Missing Encryption of Sensitive Data

4.2 /10