Vulnerability Description
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baxter | Spectrum Wireless Battery Module Firmware | >= 20d29, <= 20d32 |
| Baxter | Spectrum Wireless Battery Module | - |
| Baxter | Sigma Spectrum 35700Bax Firmware | - |
| Baxter | Sigma Spectrum 35700Bax | - |
| Baxter | Sigma Spectrum 35700Bax2 Firmware | - |
| Baxter | Sigma Spectrum 35700Bax2 | - |
| Baxter | Baxter Spectrum Iq 35700Bax3 Firmware | - |
| Baxter | Baxter Spectrum Iq 35700Bax3 | - |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xxThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xxThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2022-26390?
CVE-2022-26390 is a vulnerability with a CVSS score of 4.2 (MEDIUM). The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access...
How severe is CVE-2022-26390?
CVE-2022-26390 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26390?
Check the references section above for vendor advisories and patch information. Affected products include: Baxter Spectrum Wireless Battery Module Firmware, Baxter Spectrum Wireless Battery Module, Baxter Sigma Spectrum 35700Bax Firmware, Baxter Sigma Spectrum 35700Bax, Baxter Sigma Spectrum 35700Bax2 Firmware.