Description
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx
Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01
Scores
CVSS v3
4.2
EPSS
0.0042
EPSS Percentile
33.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
CWE-311
Status
published
Products (8)
baxter/baxter_spectrum_iq_35700bax3_firmware
baxter/sigma_spectrum_35700bax2_firmware
baxter/sigma_spectrum_35700bax_firmware
baxter/spectrum_wireless_battery_module_firmware
16
baxter/spectrum_wireless_battery_module_firmware
16d38
baxter/spectrum_wireless_battery_module_firmware
17
baxter/spectrum_wireless_battery_module_firmware
17d19
baxter/spectrum_wireless_battery_module_firmware
20d29 - 20d32
Published
Sep 09, 2022
Tracked Since
Feb 18, 2026