CVE-2022-26392

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx	Broken Link
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware::::::::

cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*

Information

Published : 2022-09-09 08:15

Updated : 2022-09-15 09:45

NVD link : CVE-2022-26392

Mitre link : CVE-2022-26392

JSON object : View

CWE

CWE-134

Use of Externally-Controlled Format String

Products Affected

baxter

spectrum_wireless_battery_module_firmware
sigma_spectrum_35700bax2
baxter_spectrum_iq_35700bax3_firmware
spectrum_wireless_battery_module
baxter_spectrum_iq_35700bax3
sigma_spectrum_35700bax2_firmware
sigma_spectrum_35700bax
sigma_spectrum_35700bax_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx", "name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01", "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-134"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-26392", "ASSIGNER": "productsecurity@baxter.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2022-09-09T15:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "20d32", "versionStartIncluding": "20d29"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-09-15T16:45Z"}

6.5 /10