Unencrypted Storage of Network Credentials and PHI in Baxter Spectrum Wireless Battery Module

Unencrypted Storage of Network Credentials and PHI in Baxter Spectrum Wireless Battery Module

CVE-2022-26390 · MEDIUM Severity

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.

Learn more about our Network Penetration Testing.