Vulnerability Details : CVE-2022-26393
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2022-26393
- cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:20d29:*:*:*:*:*:*:*
- cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-26393
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-26393
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
2.8
|
5.2
|
NIST | |
|
5.0
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
1.6
|
3.4
|
Baxter |
CWE ids for CVE-2022-26393
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by:
- nvd@nist.gov (Primary)
- productsecurity@baxter.com (Secondary)
References for CVE-2022-26393
-
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01
Baxter Sigma Spectrum Infusion Pump | CISAThird Party Advisory;US Government Resource
Jump to