CVE-2022-26392 Vulnerability Details

  /     /     /  

CVE-2022-26392 Metadata Quick Info

CVE Published: 09/09/2022 | CVE Updated: 17/09/2024 | CVE Year: 2022
Source: Baxter | Vendor: Baxter | Product: Baxter Spectrum Wireless Battery Module (WBM)
Status : PUBLISHED

---

CVE-2022-26392 Description

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.

Metrics

CVSS Version: 3.1 | Base Score: 3.1 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-134
CWE Name: CWE-134 Use of Externally-Controlled Format String
Source: Baxter

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).