Vulnerability Description
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baxter | Spectrum Wireless Battery Module Firmware | >= 20d29, <= 20d32 |
| Baxter | Spectrum Wireless Battery Module | - |
| Baxter | Sigma Spectrum 35700Bax Firmware | - |
| Baxter | Sigma Spectrum 35700Bax | - |
| Baxter | Sigma Spectrum 35700Bax2 Firmware | - |
| Baxter | Sigma Spectrum 35700Bax2 | - |
| Baxter | Baxter Spectrum Iq 35700Bax3 Firmware | - |
| Baxter | Baxter Spectrum Iq 35700Bax3 | - |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xxBroken Link
- https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xxBroken Link
FAQ
What is CVE-2022-26394?
CVE-2022-26394 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the networ...
How severe is CVE-2022-26394?
CVE-2022-26394 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26394?
Check the references section above for vendor advisories and patch information. Affected products include: Baxter Spectrum Wireless Battery Module Firmware, Baxter Spectrum Wireless Battery Module, Baxter Sigma Spectrum 35700Bax Firmware, Baxter Sigma Spectrum 35700Bax, Baxter Sigma Spectrum 35700Bax2 Firmware.