CVE-2022-26390

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
References
Link Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*
cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:53

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Third Party Advisory, US Government Resource

11 Jul 2023, 14:40

Type Values Removed Values Added
CWE CWE-311 CWE-312

15 Sep 2022, 16:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.2
CWE CWE-311
CPE cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*
References
  • (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 - Third Party Advisory, US Government Resource
References (MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - (MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Third Party Advisory, US Government Resource

09 Sep 2022, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-09 15:15

Updated : 2024-11-21 06:53


NVD link : CVE-2022-26390

Mitre link : CVE-2022-26390

CVE.ORG link : CVE-2022-26390


JSON object : View

Products Affected

baxter

  • spectrum_wireless_battery_module
  • baxter_spectrum_iq_35700bax3
  • sigma_spectrum_35700bax2_firmware
  • baxter_spectrum_iq_35700bax3_firmware
  • sigma_spectrum_35700bax_firmware
  • sigma_spectrum_35700bax2
  • spectrum_wireless_battery_module_firmware
  • sigma_spectrum_35700bax
CWE
CWE-311

Missing Encryption of Sensitive Data

CWE-312

Cleartext Storage of Sensitive Information