CVE-2022-26390

Summary

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.

Affected Software

VendorProductVersion RangeStatus
BaxterBaxter Spectrum Wireless Battery Module (WBM)16affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)16D38affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)17affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)17D19affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D29affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D30affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D31affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D32affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D19affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D20affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D21affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D22affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D23affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D24affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D25affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D26affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D27affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)22D28affected

Weaknesses

  • CWE-311: CWE-311 Missing Encryption of Sensitive Data

ADP Enrichment

CVE Program Container

Additional References

References