PT-2019-7184 · Hospira · Hospira Symbiq Infusion System+2

Publicado

2019-03-25

·

Atualizado

2019-10-09

·

CVE-2015-3956

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Hospira Plum A+ Infusion System versions 13.4 and prior Hospira Plum A+3 Infusion System versions 13.6 and prior Hospira Symbiq Infusion System version 3.13 and prior
Description The issue allows unauthorized devices on the host network to send drug libraries, firmware updates, pump commands, and make configuration changes to the affected infusion systems without authentication.
Recommendations For Hospira Plum A+ Infusion System versions 13.4 and prior, close Port 20/FTP and Port 23/TELNET on the affected devices. For Hospira Plum A+3 Infusion System versions 13.6 and prior, close Port 20/FTP and Port 23/TELNET on the affected devices. For Hospira Symbiq Infusion System version 3.13 and prior, close Port 20/FTP and Port 23/TELNET on the affected devices.

Correção

Insufficient Verification of Data Authenticity

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-345

Identificadores relacionados

CVE-2015-3956

Produtos afetados

Hospira Plum A+ Infusion System
Hospira Plum A+3 Infusion System
Hospira Symbiq Infusion System