PT-2019-7181 · Hospira · Hospira Symbiq Infusion System+2
Published
2019-03-25
·
Updated
2019-10-09
·
CVE-2015-3952
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Hospira Plum A+ Infusion System versions 13.4 and prior
Hospira Plum A+3 Infusion System versions 13.6 and prior
Hospira Symbiq Infusion System versions 3.13 and prior
Description
The issue concerns the storage of wireless keys in plain text. To mitigate the risk, it is recommended to close Port 20/FTP and Port 23/TELNET on the affected devices.
Recommendations
For Hospira Plum A+ Infusion System versions 13.4 and prior, close Port 20/FTP and Port 23/TELNET.
For Hospira Plum A+3 Infusion System versions 13.6 and prior, close Port 20/FTP and Port 23/TELNET.
For Hospira Symbiq Infusion System versions 3.13 and prior, close Port 20/FTP and Port 23/TELNET.
Fix
Cleartext Storage of Sensitive Information
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hospira Plum A+ Infusion System
Hospira Plum A+3 Infusion System
Hospira Symbiq Infusion System