CVE-2022-26392

Summary

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.

Affected Software

VendorProductVersion RangeStatus
BaxterBaxter Spectrum Wireless Battery Module (WBM)16affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)16D38affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)17affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)17D19affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D29affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D30affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D31affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D32affected

Weaknesses

  • CWE-134: CWE-134 Use of Externally-Controlled Format String

ADP Enrichment

CVE Program Container

Additional References

References