PT-2019-7182 · Hospira · Hospira Symbiq Infusion System+2

Published

2019-03-25

Updated

2019-10-09

CVE-2015-3953

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Hospira Plum A+ Infusion System versions 13.4 and prior Hospira Plum A+3 Infusion System versions 13.6 and prior Hospira Symbiq Infusion System version 3.13 and prior

Description The issue allows access to the system through hard-coded accounts. To mitigate this, closing specific ports is recommended. There are no reported real-world incidents or estimated numbers of affected devices provided.

Recommendations For Hospira Plum A+ Infusion System versions 13.4 and prior, close Port 20/FTP and Port 23/TELNET. For Hospira Plum A+3 Infusion System versions 13.6 and prior, close Port 20/FTP and Port 23/TELNET. For Hospira Symbiq Infusion System version 3.13 and prior, close Port 20/FTP and Port 23/TELNET.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-259

Related Identifiers

CVE-2015-3953

Affected Products

Hospira Plum A+ Infusion System

Hospira Plum A+3 Infusion System

Hospira Symbiq Infusion System

PT-2019-7182 · Hospira · Hospira Symbiq Infusion System+2

CVE-2015-3953

Weakness Enumeration

Related Identifiers

Affected Products

References · 2