Description
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Baxter / Baxter Spectrum Wireless Battery Module (WBM)16 – 16
- Baxter / Baxter Spectrum Wireless Battery Module (WBM)16D38 – 16D38
- Baxter / Baxter Spectrum Wireless Battery Module (WBM)17 – 17
- Baxter / Baxter Spectrum Wireless Battery Module (WBM)17D19 – 17D19
- Baxter / Baxter Spectrum Wireless Battery Module (WBM)20D29 – 20D29
- Baxter / Baxter Spectrum Wireless Battery Module (WBM)20D30 – 20D30
- Baxter / Baxter Spectrum Wireless Battery Module (WBM)20D31 – 20D31
- Baxter / Baxter Spectrum Wireless Battery Module (WBM)20D32 – 20D32
References
- VENDOR_ADVISORYhttps://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx