CVE-2022-26394

Summary

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.

Affected Software

VendorProductVersion RangeStatus
BaxterBaxter Spectrum Wireless Battery Module (WBM)16affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)16D38affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)17affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)17D19affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D29affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D30affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D31affected
BaxterBaxter Spectrum Wireless Battery Module (WBM)20D32affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

References