CVE-2016-8355

Name of the Vulnerable Software and Affected Versions CADD-Solis Medication Safety Software versions 1.0 through 3.1

Description The issue allows an authenticated user to gain elevated privileges on the SQL database. This could enable the user to modify drug libraries, add and delete users, and change user permissions. It is noted that physical access to the pump is required to install drug library updates.

Recommendations For versions 1.0 through 3.1, restrict access to the SQL database to prevent unauthorized modifications and changes to user permissions. As a temporary workaround, consider limiting user permissions to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.