PT-2019-7183 · Hospira · Hospira Symbiq Infusion System+2

Publicado

2019-03-25

·

Atualizado

2019-10-09

·

CVE-2015-3954

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Hospira Plum A+ Infusion System versions 13.4 and prior Hospira Plum A+3 Infusion System versions 13.6 and prior Hospira Symbiq Infusion System version 3.13 and prior
Description The issue allows unauthenticated users to gain root privileges on the affected devices via Port 23/TELNET by default. This could enable an unauthorized user to issue commands to the pump.
Recommendations For Hospira Plum A+ Infusion System versions 13.4 and prior, close Port 23/TELNET on the affected devices. For Hospira Plum A+3 Infusion System versions 13.6 and prior, close Port 23/TELNET on the affected devices. For Hospira Symbiq Infusion System version 3.13 and prior, close Port 23/TELNET on the affected devices.

Correção

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285

Identificadores relacionados

CVE-2015-3954

Produtos afetados

Hospira Plum A+ Infusion System
Hospira Plum A+3 Infusion System
Hospira Symbiq Infusion System