CVE-2022-26390
4.2
Vector
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.5 / Impact: 3.6
Source: NVD
Description
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
Affected (9)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 20d29 to 20d32 |
| Running on/with | Platform Versions |
|---|---|
Baxter Spectrum Wireless Battery Module | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Baxter Sigma Spectrum 35700bax | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Baxter Sigma Spectrum 35700bax2 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Baxter Baxter Spectrum Iq 35700bax3 | All versions |
Related CWEs
CWE-311
Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
References (3)
Source: productsecurity@baxter.com
Third Party AdvisoryUS Government Resource
Source: nvd@nist.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.