5.5
CVE-2022-26394
- EPSS 0.09%
- Veröffentlicht 09.09.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:53:54
- Quelle productsecurity@baxter.com
- CVE-Watchlists
- Unerledigt
LoginThe Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Baxter ≫ Spectrum Wireless Battery Module Firmware Version >= 20d29 <= 20d32
Baxter ≫ Spectrum Wireless Battery Module Firmware Version16
Baxter ≫ Spectrum Wireless Battery Module Firmware Version16d38
Baxter ≫ Spectrum Wireless Battery Module Firmware Version17
Baxter ≫ Spectrum Wireless Battery Module Firmware Version17d19
Baxter ≫ Sigma Spectrum 35700bax Firmware Version-
Baxter ≫ Sigma Spectrum 35700bax2 Firmware Version-
Baxter ≫ Baxter Spectrum Iq 35700bax3 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.25 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|
| productsecurity@baxter.com | 5.5 | 2.1 | 3.4 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.