CVE-2022-26393

The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx	Broken Link
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01	Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:20d29:*:*:*:*:*:*:*

cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:53

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : 5.0
References	~~() https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link~~	() https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx - Broken Link

Information

Published : 2022-09-09 15:15

Updated : 2024-11-21 06:53

NVD link : CVE-2022-26393

Mitre link : CVE-2022-26393

CVE.ORG link : CVE-2022-26393

JSON object : View

Products Affected

baxter

sigma_spectrum_35700bax
spectrum_wireless_battery_module_firmware
sigma_spectrum_35700bax2
baxter_spectrum_iq_35700bax3_firmware
sigma_spectrum_35700bax2_firmware
sigma_spectrum_35700bax_firmware
spectrum_wireless_battery_module
baxter_spectrum_iq_35700bax3

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2022-26393", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productsecurity@baxter.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2022-09-09T15:15:09.620", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx", "tags": ["Broken Link"], "source": "productsecurity@baxter.com"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "nvd@nist.gov"}, {"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productsecurity@baxter.com", "description": [{"lang": "en", "value": "CWE-134"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM."}, {"lang": "es", "value": "Baxter Spectrum WBM es susceptible de ataques de cadena de formato por medio de la mensajer\u00eda de la aplicaci\u00f3n. Un atacante podr\u00eda usar esto para leer la memoria del WBM y acceder a informaci\u00f3n confidencial o causar una Denegaci\u00f3n de Servicio (DoS) en el WBM"}], "lastModified": "2024-11-21T06:53:54.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:20d29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D4ABC78-1BCC-41E7-B21B-12783B90B551"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "15E8AA9C-1024-482D-8636-551486698A8C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1354B2D0-A259-4832-BB3D-BD9C157FB5C0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2EAFF022-6879-4734-9AEB-DE45E6E235DE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2715381-CA8F-416B-B9AD-9CDBDC181338"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "576C9566-DA3F-43E8-B4E8-C5DEF3B06696"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89AFD13D-97D8-40A5-B36B-9B65229302B1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71D6364A-9707-4BB0-8808-AF3314026A79"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productsecurity@baxter.com"}