CVE-2022-26393

The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:20d29:*:*:*:*:*:*:*
cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:53

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link () https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 5.0

15 Sep 2022, 15:50

Type Values Removed Values Added
CWE CWE-134
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1
CPE cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:20d29:*:*:*:*:*:*:*
cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*
References
  • (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 - Third Party Advisory, US Government Resource
References (MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - (MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link

09 Sep 2022, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-09 15:15

Updated : 2024-11-21 06:53


NVD link : CVE-2022-26393

Mitre link : CVE-2022-26393

CVE.ORG link : CVE-2022-26393


JSON object : View

Products Affected

baxter

  • spectrum_wireless_battery_module
  • baxter_spectrum_iq_35700bax3
  • sigma_spectrum_35700bax2_firmware
  • baxter_spectrum_iq_35700bax3_firmware
  • sigma_spectrum_35700bax_firmware
  • sigma_spectrum_35700bax2
  • spectrum_wireless_battery_module_firmware
  • sigma_spectrum_35700bax
CWE
CWE-134

Use of Externally-Controlled Format String