#VU67150 Missing Authentication for Critical Function in Baxter products - CVE-2022-26394
Published: September 9, 2022
Vulnerability identifier: #VU67150
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26394
CWE-ID: CWE-306
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Sigma Spectrum model 35700BAX
Sigma Spectrum model 35700BAX2
Baxter Spectrum IQ model 35700BAX3
Baxter Spectrum IQ LVP with Wireless Battery Modules
Sigma Spectrum LVP Wireless Battery Modules
Sigma Spectrum model 35700BAX
Sigma Spectrum model 35700BAX2
Baxter Spectrum IQ model 35700BAX3
Baxter Spectrum IQ LVP with Wireless Battery Modules
Sigma Spectrum LVP Wireless Battery Modules
Software vendor:
Baxter
Baxter
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected application does not perform mutual authentication with the gateway server host. A remote user on the local network can perform a machine-in-the-middle attack that modifies parameters and make the network connection fail.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.