CVE-2022-26394 - OpenCVE

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Baxter	Sigma Spectrum 35700bax Firmware Sigma Spectrum 35700bax Sigma Spectrum 35700bax2 Firmware Baxter Spectrum Iq 35700bax3 Firmware Spectrum Wireless Battery Module Firmware Sigma Spectrum 35700bax2 Baxter Spectrum Iq 35700bax3 Spectrum Wireless Battery Module

Configuration 1 [-]

AND

OR	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware::::::::
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:::::::*
	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:::::::*

cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01	Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Baxter

Published: 2022-09-08T00:00:00

Updated: 2022-09-09T14:40:05

Reserved: 2022-03-03T00:00:00

Link: CVE-2022-26394

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-09T15:15:09.697

Modified: 2022-09-16T16:47:46.440

Link: CVE-2022-26394

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "Baxter Spectrum Wireless Battery Module (WBM)", "vendor": "Baxter", "versions": [{"status": "affected", "version": "16 "}, {"status": "affected", "version": "16D38 "}, {"status": "affected", "version": "17 "}, {"status": "affected", "version": "17D19 "}, {"status": "affected", "version": "20D29 "}, {"status": "affected", "version": "20D30 "}, {"status": "affected", "version": "20D31 "}, {"status": "affected", "version": "20D32 "}]}], "datePublic": "2022-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-09T14:40:05", "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa", "shortName": "Baxter"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"}], "source": {"discovery": "EXTERNAL"}, "title": "Unauthenticated network reconfiguration via TCP/UDP", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productsecurity@baxter.com", "DATE_PUBLIC": "2022-09-08T22:03:00.000Z", "ID": "CVE-2022-26394", "STATE": "PUBLIC", "TITLE": "Unauthenticated network reconfiguration via TCP/UDP"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Baxter Spectrum Wireless Battery Module (WBM)", "version": {"version_data": [{"version_affected": "=", "version_name": "16", "version_value": " "}, {"version_affected": "=", "version_name": "16D38", "version_value": " "}, {"version_affected": "=", "version_name": "17", "version_value": " "}, {"version_affected": "=", "version_name": "17D19", "version_value": " "}, {"version_affected": "=", "version_name": "20D29", "version_value": " "}, {"version_affected": "=", "version_name": "20D30", "version_value": " "}, {"version_affected": "=", "version_name": "20D31", "version_value": " "}, {"version_affected": "=", "version_name": "20D32", "version_value": " "}]}}]}, "vendor_name": "Baxter"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa", "assignerShortName": "Baxter", "cveId": "CVE-2022-26394", "datePublished": "2022-09-08T00:00:00", "dateReserved": "2022-03-03T00:00:00", "dateUpdated": "2022-09-09T14:40:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34DB00B2-DE3D-4D7B-9F03-35060096C37C", "versionEndIncluding": "20d32", "versionStartIncluding": "20d29", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*", "matchCriteriaId": "719496E8-9020-456F-8CCC-FDFE10CF2820", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*", "matchCriteriaId": "03DA9071-305A-4319-9807-1BD6F9EB8FDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*", "matchCriteriaId": "4C68B374-58AD-4E71-9B83-3CA0241B8A4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*", "matchCriteriaId": "85202DB1-56E1-43C6-81BC-C141862D72C0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "15E8AA9C-1024-482D-8636-551486698A8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1354B2D0-A259-4832-BB3D-BD9C157FB5C0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EAFF022-6879-4734-9AEB-DE45E6E235DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2715381-CA8F-416B-B9AD-9CDBDC181338", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*", "matchCriteriaId": "576C9566-DA3F-43E8-B4E8-C5DEF3B06696", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89AFD13D-97D8-40A5-B36B-9B65229302B1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*", "matchCriteriaId": "71D6364A-9707-4BB0-8808-AF3314026A79", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."}, {"lang": "es", "value": "Baxter Spectrum WBM no lleva a cabo una autenticaci\u00f3n mutua con el host del servidor de la pasarela. Esto puede permitir a un atacante llevar a cabo un ataque de hombre en el medio que modifique los par\u00e1metros haciendo que la conexi\u00f3n de red falle"}], "id": "CVE-2022-26394", "lastModified": "2022-09-16T16:47:46.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "productsecurity@baxter.com", "type": "Secondary"}]}, "published": "2022-09-09T15:15:09.697", "references": [{"source": "nvd@nist.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01"}, {"source": "productsecurity@baxter.com", "tags": ["Broken Link"], "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"}], "sourceIdentifier": "productsecurity@baxter.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "productsecurity@baxter.com", "type": "Secondary"}]}