PT-2019-7184 · Hospira · Hospira Symbiq Infusion System+2
Published
2019-03-25
·
Updated
2019-10-09
·
CVE-2015-3956
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Hospira Plum A+ Infusion System versions 13.4 and prior
Hospira Plum A+3 Infusion System versions 13.6 and prior
Hospira Symbiq Infusion System version 3.13 and prior
Description
The issue allows unauthorized devices on the host network to send drug libraries, firmware updates, pump commands, and make configuration changes to the affected infusion systems without authentication.
Recommendations
For Hospira Plum A+ Infusion System versions 13.4 and prior, close Port 20/FTP and Port 23/TELNET on the affected devices.
For Hospira Plum A+3 Infusion System versions 13.6 and prior, close Port 20/FTP and Port 23/TELNET on the affected devices.
For Hospira Symbiq Infusion System version 3.13 and prior, close Port 20/FTP and Port 23/TELNET on the affected devices.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hospira Plum A+ Infusion System
Hospira Plum A+3 Infusion System
Hospira Symbiq Infusion System