PT-2019-7182 · Hospira · Hospira Symbiq Infusion System+2

Publicado

2019-03-25

Atualizado

2019-10-09

CVE-2015-3953

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Hospira Plum A+ Infusion System versions 13.4 and prior Hospira Plum A+3 Infusion System versions 13.6 and prior Hospira Symbiq Infusion System version 3.13 and prior

Description The issue allows access to the system through hard-coded accounts. To mitigate this, closing specific ports is recommended. There are no reported real-world incidents or estimated numbers of affected devices provided.

Recommendations For Hospira Plum A+ Infusion System versions 13.4 and prior, close Port 20/FTP and Port 23/TELNET. For Hospira Plum A+3 Infusion System versions 13.6 and prior, close Port 20/FTP and Port 23/TELNET. For Hospira Symbiq Infusion System version 3.13 and prior, close Port 20/FTP and Port 23/TELNET.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798CWE-259

Identificadores relacionados

CVE-2015-3953

Produtos afetados

Hospira Plum A+ Infusion System

Hospira Plum A+3 Infusion System

Hospira Symbiq Infusion System

PT-2019-7182 · Hospira · Hospira Symbiq Infusion System+2

CVE-2015-3953

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2