CVSS: 4.2EPSS: 0%CPEs: 13EXPL: 0CVE-2022-26390 – Unencrypted internal storage of security credentials
https://notcve.org/view.php?id=CVE-2022-26390
09 Sep 2022 — The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information. El Módulo de Batería Inalámbrica (WBM) de Baxter Spectrum almacena credenciales de red y PHI (sólo aplicable a las bombas Spectrum IQ que usan programación automática) de forma no cifrada. Un atacante con acc... • https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 • CWE-311: Missing Encryption of Sensitive Data CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-26392 – Format String vulnerability
https://notcve.org/view.php?id=CVE-2022-26392
09 Sep 2022 — The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information. Baxter Spectrum WBM (v16, v16D38) y Baxter Spectrum WBM (v17, v17D19, v20D29 a v20D32) cuando están en modo superusuario son susceptibles de ataques de cadena de formato por medio de mensajes de aplicación. Un atacante podría usar esto para l... • https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-26394 – Unauthenticated network reconfiguration via TCP/UDP
https://notcve.org/view.php?id=CVE-2022-26394
09 Sep 2022 — The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail. Baxter Spectrum WBM no lleva a cabo una autenticación mutua con el host del servidor de la pasarela. Esto puede permitir a un atacante llevar a cabo un ataque de hombre en el medio que modifique los parámetros haciendo que la conexión de red falle • https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5431
https://notcve.org/view.php?id=CVE-2014-5431
26 Mar 2019 — Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the pha... • https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5432
https://notcve.org/view.php?id=CVE-2014-5432
26 Mar 2019 — Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. B... • https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5433
https://notcve.org/view.php?id=CVE-2014-5433
26 Mar 2019 — An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Un atacante remoto no autenticado podría ser capaz de ejecutar com... • https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 • CWE-255: Credentials Management Errors CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5434
https://notcve.org/view.php?id=CVE-2014-5434
26 Mar 2019 — Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System 6.05 (modelo 35700BAX), con un módulo de batería inalámbrica (WBM)... • https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •