Vulnerabilities > Baxter > Baxter Spectrum IQ 35700Bax3 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-09 | CVE-2022-26390 | Cleartext Storage of Sensitive Information vulnerability in Baxter products The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. | 4.2 |
| 2022-09-09 | CVE-2022-26392 | Use of Externally-Controlled Format String vulnerability in Baxter products The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. | 6.5 |
| 2022-09-09 | CVE-2022-26394 | Missing Authentication for Critical Function vulnerability in Baxter products The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. | 5.4 |