#VU67147 Missing Encryption of Sensitive Data in Baxter products - CVE-2022-26390

 


Published: September 9, 2022


Vulnerability identifier: #VU67147
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26390
CWE-ID: CWE-311
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Sigma Spectrum model 35700BAX
Sigma Spectrum model 35700BAX2
Baxter Spectrum IQ model 35700BAX3
Sigma Spectrum LVP Wireless Battery Modules
Baxter Spectrum IQ LVP with Wireless Battery Modules
Software vendor: Baxter

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected application stores network credentials and patient health information (PHI) in unencrypted form. An attacker with physical access can gain unauthorized access to sensitive information on the system.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
