Format string error in Baxter products - CVE-2022-26393

 

Format string error in Baxter products - CVE-2022-26393

Published: September 9, 2022


Vulnerability identifier: #VU67149
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-26393
CWE-ID: CWE-134
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Baxter
Affected software:
Sigma Spectrum model 35700BAX
Sigma Spectrum model 35700BAX2
Baxter Spectrum IQ model 35700BAX3
Sigma Spectrum LVP Wireless Battery Modules
Baxter Spectrum IQ LVP with Wireless Battery Modules

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a format string error within the application messaging. A remote user can read memory in the WBM and access sensitive information or cause a denial of service (DoS) condition on the system.


How to mitigate CVE-2022-26393

Install update from vendor's website.

Sources