CVE-2022-26394: Unauthenticated network reconfiguration via TCP/UDP
First published: Fri Sep 09 2022(Updated: )
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.
Credit: productsecurity@baxter.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Baxter Spectrum Wireless Battery Module | >=20d29<=20d32 | |
| Baxter Spectrum Wireless Battery Module | =16 | |
| Baxter Spectrum Wireless Battery Module | =16d38 | |
| Baxter Spectrum Wireless Battery Module | =17 | |
| Baxter Spectrum Wireless Battery Module | =17d19 | |
| Baxter Spectrum Wireless Battery Module Firmware | ||
| Baxter Sigma Spectrum Infusion System Firmware | ||
| Baxter Sigma Spectrum 35700bax Firmware | ||
| Baxter Sigma Spectrum 35700bax2 | ||
| Baxter Sigma Spectrum 35700bax2 Firmware | ||
| Baxter Spectrum IQ 35700BAX3 Firmware | ||
| Baxter Sigma Spectrum Infusion System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-26394?
CVE-2022-26394 has been rated as a significant risk due to its potential for enabling man-in-the-middle attacks.
How do I fix CVE-2022-26394?
To remediate CVE-2022-26394, ensure mutual authentication is implemented between the Baxter Spectrum WBM and the gateway server.
What are the affected software versions for CVE-2022-26394?
CVE-2022-26394 affects Baxter Spectrum Wireless Battery Module firmware versions 20d29 through 20d32, and versions 16, 16d38, and 17, 17d19.
What types of attacks are possible due to CVE-2022-26394?
CVE-2022-26394 could allow attackers to conduct man-in-the-middle attacks, potentially compromising data integrity.
Is my device vulnerable if it uses Baxter Spectrum Wireless Battery Module?
Devices using the affected versions of Baxter Spectrum Wireless Battery Module firmware are vulnerable under CVE-2022-26394.
- agent/type
- agent/references
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/baxter
- canonical/baxter spectrum wireless battery module
- version/baxter spectrum wireless battery module/20d29
- version/baxter spectrum wireless battery module/20d32
- version/baxter spectrum wireless battery module/16
- version/baxter spectrum wireless battery module/16d38
- version/baxter spectrum wireless battery module/17
- version/baxter spectrum wireless battery module/17d19
- canonical/baxter spectrum wireless battery module firmware
- canonical/baxter sigma spectrum infusion system firmware
- canonical/baxter sigma spectrum 35700bax firmware
- canonical/baxter sigma spectrum 35700bax2
- canonical/baxter sigma spectrum 35700bax2 firmware
- canonical/baxter spectrum iq 35700bax3 firmware
- canonical/baxter sigma spectrum infusion system