CVE-2022-26392

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*
cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:53

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link () https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 3.1

15 Sep 2022, 16:45

Type Values Removed Values Added
References
  • (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 - Third Party Advisory, US Government Resource
References (MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - (MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link
CPE cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-134

09 Sep 2022, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-09 15:15

Updated : 2024-11-21 06:53


NVD link : CVE-2022-26392

Mitre link : CVE-2022-26392

CVE.ORG link : CVE-2022-26392


JSON object : View

Products Affected

baxter

  • spectrum_wireless_battery_module
  • baxter_spectrum_iq_35700bax3
  • sigma_spectrum_35700bax2_firmware
  • baxter_spectrum_iq_35700bax3_firmware
  • sigma_spectrum_35700bax_firmware
  • sigma_spectrum_35700bax2
  • spectrum_wireless_battery_module_firmware
  • sigma_spectrum_35700bax
CWE
CWE-134

Use of Externally-Controlled Format String