CVE-2022-26394
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) | 16 | affected |
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) | 16D38 | affected |
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) | 17 | affected |
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) | 17D19 | affected |
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) | 20D29 | affected |
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) | 20D30 | affected |
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) | 20D31 | affected |
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) | 20D32 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.