CVE-2022-26390

Name: CVE-2022-26390
Creator: NVD / NIST
Published: 2022-09-09T15:15:09.453+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.2/10EPSS 0.42%

Last modified Jun 17, 2026

CVE-2022-26390 is a medium-severity vulnerability rated 4.2/10 on the CVSS scale. The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.

Metrics

CVSS 3.1

4.2/10

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.42%

33.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Baxter	Spectrum Wireless Battery Module Firmware	>= 20d29, <= 20d32
Baxter	Spectrum Wireless Battery Module Firmware	>= 22d19, <= 22d28
Baxter	Spectrum Wireless Battery Module Firmware	16
Baxter	Spectrum Wireless Battery Module Firmware	16d38
Baxter	Spectrum Wireless Battery Module Firmware	17
Baxter	Spectrum Wireless Battery Module Firmware	17d19
Baxter	Sigma Spectrum 35700bax Firmware	All versions
Baxter	Sigma Spectrum 35700bax2 Firmware	All versions
Baxter	Baxter Spectrum Iq 35700bax3 Firmware	All versions

References

https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xxThird Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01Third Party Advisory, US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xxThird Party Advisory, US Government Resource

Timeline

Published: Sep 9, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-26390?

How severe is CVE-2022-26390?

CVE-2022-26390 has a CVSS score of 4.2/10 (MEDIUM severity). The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.

How do I fix CVE-2022-26390?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-26390?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST