CVE-2022-26392

LOW

Baxter Spectrum WBM - Format String

Title source: llm

Description

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.

References (2)

[Broken Link] https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01

Scores

CVSS v3 3.1

EPSS 0.0026

EPSS Percentile 49.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-134

Status published

Products (8)

baxter/baxter_spectrum_iq_35700bax3_firmware

baxter/sigma_spectrum_35700bax2_firmware

baxter/sigma_spectrum_35700bax_firmware

baxter/spectrum_wireless_battery_module_firmware 16

baxter/spectrum_wireless_battery_module_firmware 16d38

baxter/spectrum_wireless_battery_module_firmware 17

baxter/spectrum_wireless_battery_module_firmware 17d19

baxter/spectrum_wireless_battery_module_firmware 20d29 - 20d32

Published Sep 09, 2022

Tracked Since Feb 18, 2026