PT-2019-7183 · Hospira · Hospira Symbiq Infusion System+2

Published

2019-03-25

·

Updated

2019-10-09

·

CVE-2015-3954

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Hospira Plum A+ Infusion System versions 13.4 and prior Hospira Plum A+3 Infusion System versions 13.6 and prior Hospira Symbiq Infusion System version 3.13 and prior
Description The issue allows unauthenticated users to gain root privileges on the affected devices via Port 23/TELNET by default. This could enable an unauthorized user to issue commands to the pump.
Recommendations For Hospira Plum A+ Infusion System versions 13.4 and prior, close Port 23/TELNET on the affected devices. For Hospira Plum A+3 Infusion System versions 13.6 and prior, close Port 23/TELNET on the affected devices. For Hospira Symbiq Infusion System version 3.13 and prior, close Port 23/TELNET on the affected devices.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2015-3954

Affected Products

Hospira Plum A+ Infusion System
Hospira Plum A+3 Infusion System
Hospira Symbiq Infusion System