Format string error in Baxter products - CVE-2022-26393
Published: September 9, 2022
Vulnerability identifier: #VU67149
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-26393
CWE-ID: CWE-134
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Sigma Spectrum model 35700BAX
Sigma Spectrum model 35700BAX2
Baxter Spectrum IQ model 35700BAX3
Sigma Spectrum LVP Wireless Battery Modules
Baxter Spectrum IQ LVP with Wireless Battery Modules
Software vendor:
Baxter
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a format string error in application messaging. A remote user can read memory in the Wireless Battery Module (WBM) and access sensitive information or cause a denial of service (DoS) condition on the system.
Remediation
Install the update from the vendor's website.