4.2
CVE-2022-26390
- EPSS 0.42%
- Veröffentlicht 09.09.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:53:53
- Quelle productsecurity@baxter.com
- CVE-Watchlists
- Unerledigt
LoginUnencrypted internal storage of security credentials
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Baxter ≫ Spectrum Wireless Battery Module Firmware Version >= 20d29 <= 20d32
Baxter ≫ Spectrum Wireless Battery Module Firmware Version >= 22d19 <= 22d28
Baxter ≫ Spectrum Wireless Battery Module Firmware Version16
Baxter ≫ Spectrum Wireless Battery Module Firmware Version16d38
Baxter ≫ Spectrum Wireless Battery Module Firmware Version17
Baxter ≫ Spectrum Wireless Battery Module Firmware Version17d19
Baxter ≫ Sigma Spectrum 35700bax Firmware Version-
Baxter ≫ Sigma Spectrum 35700bax2 Firmware Version-
Baxter ≫ Baxter Spectrum Iq 35700bax3 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.337 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.2 | 0.5 | 3.6 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| productsecurity@baxter.com | 4.2 | 0.5 | 3.6 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-311 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01