CVE-2022-26392 - OpenCVE

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Baxter	Sigma Spectrum 35700bax Firmware Sigma Spectrum 35700bax Sigma Spectrum 35700bax2 Firmware Baxter Spectrum Iq 35700bax3 Firmware Spectrum Wireless Battery Module Firmware Sigma Spectrum 35700bax2 Baxter Spectrum Iq 35700bax3 Spectrum Wireless Battery Module

Configuration 1 [-]

AND

OR	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware::::::::
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:::::::*

cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01	Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Baxter

Published: 2022-09-08T00:00:00

Updated: 2022-09-09T14:40:06

Reserved: 2022-03-03T00:00:00

Link: CVE-2022-26392

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-09T15:15:09.543

Modified: 2022-09-15T16:45:03.847

Link: CVE-2022-26392

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"containers": {"cna": {"affected": [{"product": "Baxter Spectrum Wireless Battery Module (WBM)", "vendor": "Baxter", "versions": [{"status": "affected", "version": "16 "}, {"status": "affected", "version": "16D38 "}, {"status": "affected", "version": "17 "}, {"status": "affected", "version": "17D19 "}, {"status": "affected", "version": "20D29 "}, {"status": "affected", "version": "20D30 "}, {"status": "affected", "version": "20D31 "}, {"status": "affected", "version": "20D32 "}]}], "datePublic": "2022-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-09T14:40:06", "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa", "shortName": "Baxter"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"}], "source": {"discovery": "EXTERNAL"}, "title": "Format String vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productsecurity@baxter.com", "DATE_PUBLIC": "2022-09-08T22:03:00.000Z", "ID": "CVE-2022-26392", "STATE": "PUBLIC", "TITLE": "Format String vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Baxter Spectrum Wireless Battery Module (WBM)", "version": {"version_data": [{"version_affected": "=", "version_name": "16", "version_value": " "}, {"version_affected": "=", "version_name": "16D38", "version_value": " "}, {"version_affected": "=", "version_name": "17", "version_value": " "}, {"version_affected": "=", "version_name": "17D19", "version_value": " "}, {"version_affected": "=", "version_name": "20D29", "version_value": " "}, {"version_affected": "=", "version_name": "20D30", "version_value": " "}, {"version_affected": "=", "version_name": "20D31", "version_value": " "}, {"version_affected": "=", "version_name": "20D32", "version_value": " "}]}}]}, "vendor_name": "Baxter"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-134 Use of Externally-Controlled Format String"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa", "assignerShortName": "Baxter", "cveId": "CVE-2022-26392", "datePublished": "2022-09-08T00:00:00", "dateReserved": "2022-03-03T00:00:00", "dateUpdated": "2022-09-09T14:40:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34DB00B2-DE3D-4D7B-9F03-35060096C37C", "versionEndIncluding": "20d32", "versionStartIncluding": "20d29", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*", "matchCriteriaId": "719496E8-9020-456F-8CCC-FDFE10CF2820", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*", "matchCriteriaId": "03DA9071-305A-4319-9807-1BD6F9EB8FDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*", "matchCriteriaId": "4C68B374-58AD-4E71-9B83-3CA0241B8A4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*", "matchCriteriaId": "85202DB1-56E1-43C6-81BC-C141862D72C0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "15E8AA9C-1024-482D-8636-551486698A8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1354B2D0-A259-4832-BB3D-BD9C157FB5C0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EAFF022-6879-4734-9AEB-DE45E6E235DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2715381-CA8F-416B-B9AD-9CDBDC181338", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*", "matchCriteriaId": "576C9566-DA3F-43E8-B4E8-C5DEF3B06696", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89AFD13D-97D8-40A5-B36B-9B65229302B1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*", "matchCriteriaId": "71D6364A-9707-4BB0-8808-AF3314026A79", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."}, {"lang": "es", "value": "Baxter Spectrum WBM (v16, v16D38) y Baxter Spectrum WBM (v17, v17D19, v20D29 a v20D32) cuando est\u00e1n en modo superusuario son susceptibles de ataques de cadena de formato por medio de mensajes de aplicaci\u00f3n. Un atacante podr\u00eda usar esto para leer la memoria del WBM y acceder a informaci\u00f3n confidencial"}], "id": "CVE-2022-26392", "lastModified": "2022-09-15T16:45:03.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "productsecurity@baxter.com", "type": "Secondary"}]}, "published": "2022-09-09T15:15:09.543", "references": [{"source": "nvd@nist.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01"}, {"source": "productsecurity@baxter.com", "tags": ["Broken Link"], "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"}], "sourceIdentifier": "productsecurity@baxter.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-134"}], "source": "productsecurity@baxter.com", "type": "Secondary"}]}