CVE-2022-26392 (GCVE-0-2022-26392)
Vulnerability from cvelistv5
Published
2022-09-09 14:40
Modified
2024-09-17 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-134 - Use of Externally-Controlled Format String
Summary
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Version: 16 Version: 16D38 Version: 17 Version: 17D19 Version: 20D29 Version: 20D30 Version: 20D31 Version: 20D32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
}
]
}
],
"datePublic": "2022-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06.000Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Format String vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26392",
"STATE": "PUBLIC",
"TITLE": "Format String vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26392",
"datePublished": "2022-09-09T14:40:06.166Z",
"dateReserved": "2022-03-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:43.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…