#VU67148 Format string error in Baxter products - CVE-2022-26392
Published: September 9, 2022
Vulnerability identifier: #VU67148
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26392
CWE-ID: CWE-134
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Sigma Spectrum model 35700BAX
Sigma Spectrum model 35700BAX2
Baxter Spectrum IQ model 35700BAX3
Baxter Spectrum IQ LVP with Wireless Battery Modules
Sigma Spectrum LVP Wireless Battery Modules
Software vendor: Baxter
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a format string error within the application messaging when in superuser mode. A remote user can read memory in the Wireless Battery Module (WBM) and access sensitive information.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.