CVE-2022-26392

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-26392
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx Broken Link
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*
cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*
History

15 Sep 2022, 16:45

Type Values Removed Values Added
CWE CWE-134
First Time Baxter sigma Spectrum 35700bax Firmware
Baxter sigma Spectrum 35700bax2
Baxter baxter Spectrum Iq 35700bax3
Baxter baxter Spectrum Iq 35700bax3 Firmware
Baxter sigma Spectrum 35700bax2 Firmware
Baxter spectrum Wireless Battery Module
Baxter sigma Spectrum 35700bax
Baxter
Baxter spectrum Wireless Battery Module Firmware
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
References
  • (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 - Third Party Advisory, US Government Resource
References (MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - (MISC) https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link
CPE cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*
cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*
cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*

09 Sep 2022, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-09-09 15:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-26392

Mitre link : CVE-2022-26392

CVE.ORG link : CVE-2022-26392

JSON object : View

Products Affected

baxter

  • spectrum_wireless_battery_module_firmware
  • spectrum_wireless_battery_module
  • baxter_spectrum_iq_35700bax3_firmware
  • sigma_spectrum_35700bax2
  • baxter_spectrum_iq_35700bax3
  • sigma_spectrum_35700bax_firmware
  • sigma_spectrum_35700bax
  • sigma_spectrum_35700bax2_firmware
CWE
CWE-134

Use of Externally-Controlled Format String