Cyber Resilience

CVE-2022-26392

Low

Published: 09 September 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 3.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0026 (50.2th percentile)
Risk Priority: 6 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26392 is a low-severity Use of Externally-Controlled Format String (CWE-134) vulnerability in Baxter Spectrum Wireless Battery Module Firmware. Its CVSS base score is 3.1 (Low).

Operationally, it ranks in the top 49.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

Vulnerability details

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: baxter; Product: spectrum wireless battery module firmware; Versions: 16, 16d38, 17, 17d19 · 20d29 — 20d32
Vendor: baxter; Product: sigma spectrum 35700bax firmware; Versions: all versions
Vendor: baxter; Product: sigma spectrum 35700bax2 firmware; Versions: all versions
Vendor: baxter; Product: baxter spectrum iq 35700bax3 firmware; Versions: all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
