Vulnerability Description
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baxter | Spectrum Wireless Battery Module Firmware | >= 20d29, <= 20d32 |
| Baxter | Spectrum Wireless Battery Module | - |
| Baxter | Sigma Spectrum 35700Bax Firmware | - |
| Baxter | Sigma Spectrum 35700Bax | - |
| Baxter | Sigma Spectrum 35700Bax2 Firmware | - |
| Baxter | Sigma Spectrum 35700Bax2 | - |
| Baxter | Baxter Spectrum Iq 35700Bax3 Firmware | - |
| Baxter | Baxter Spectrum Iq 35700Bax3 | - |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xxBroken Link
- https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xxBroken Link
FAQ
What is CVE-2022-26392?
CVE-2022-26392 is a vulnerability with a CVSS score of 3.1 (LOW). The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker coul...
How severe is CVE-2022-26392?
CVE-2022-26392 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26392?
Check the references section above for vendor advisories and patch information. Affected products include: Baxter Spectrum Wireless Battery Module Firmware, Baxter Spectrum Wireless Battery Module, Baxter Sigma Spectrum 35700Bax Firmware, Baxter Sigma Spectrum 35700Bax, Baxter Sigma Spectrum 35700Bax2 Firmware.