CVE-2022-26390

MEDIUM

Baxter Spectrum WBM - Info Disclosure

Title source: llm

Description

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.

References (2)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01

Scores

CVSS v3 4.2

EPSS 0.0005

EPSS Percentile 15.9%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-312 CWE-311

Status published

Products (8)

baxter/baxter_spectrum_iq_35700bax3_firmware

baxter/sigma_spectrum_35700bax2_firmware

baxter/sigma_spectrum_35700bax_firmware

baxter/spectrum_wireless_battery_module_firmware 16

baxter/spectrum_wireless_battery_module_firmware 16d38

baxter/spectrum_wireless_battery_module_firmware 17

baxter/spectrum_wireless_battery_module_firmware 17d19

baxter/spectrum_wireless_battery_module_firmware 20d29 - 20d32

Published Sep 09, 2022

Tracked Since Feb 18, 2026