CVE-2022-26390

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.2 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
BaxterCNA
4.2 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
baxterspectrum_wireless_battery_module_firmware
20d29 ≤
𝑥
≤ 20d32
baxterspectrum_wireless_battery_module_firmware
22d19 ≤
𝑥
≤ 22d28
baxtersigma_spectrum_35700bax_firmware
-
baxtersigma_spectrum_35700bax2_firmware
-
baxterbaxter_spectrum_iq_35700bax3_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx