Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for Symbiq Infusion System by Hospira

    VAR-201903-0657

    Vulnerability from variot - Updated: 2024-11-23 22:55

    Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. Hospira Symbiq Infusion System Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Hospira Symbiq Infusion System is prone to an unauthorized-access vulnerability. Attackers can exploit this issue in conjunction with previously identified vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Hospira Symbiq Infusion System 3.13 and prior are vulnerable. Hospira Symbiq Infusion System is an intelligent infusion system developed by Hospira, USA. An unauthorized access vulnerability exists in Hospira Symbiq Infusion System 3.13 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0657",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "symbiq infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "3.13"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:pfizer:symbiq_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3965",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2015-3965",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-81926",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2015-3965",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-3965",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-3965",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201507-744",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81926",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function. Hospira Symbiq Infusion System Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Hospira Symbiq Infusion System is prone to an unauthorized-access vulnerability. \nAttackers can exploit this issue in conjunction with previously identified vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. \nHospira Symbiq Infusion System 3.13 and prior are vulnerable. Hospira Symbiq Infusion System is an intelligent infusion system developed by Hospira, USA. An unauthorized access vulnerability exists in Hospira Symbiq Infusion System 3.13 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3965",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-174-01",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "75983",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-81926",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "id": "VAR-201903-0657",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:55:38.522000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TopPage",
            "trust": 0.8,
            "url": "https://www.pfizerinjectables.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-174-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3965"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3965"
          },
          {
            "trust": 0.3,
            "url": "http://www.hospira.com/en/support_center/customer_communications/symbiq"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "date": "2015-07-21T00:00:00",
            "db": "BID",
            "id": "75983"
          },
          {
            "date": "2019-04-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "date": "2015-07-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          },
          {
            "date": "2019-03-23T20:29:00.193000",
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "date": "2015-07-21T00:00:00",
            "db": "BID",
            "id": "75983"
          },
          {
            "date": "2019-04-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "date": "2019-04-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          },
          {
            "date": "2024-11-21T02:30:09.823000",
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira Symbiq Infusion System Vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0654

    Vulnerability from variot - Updated: 2024-11-23 21:37

    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira Products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0654",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "plum a\\+3 infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.6"
          },
          {
            "model": "plum a\\+ infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.4"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "3.13"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.4"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "3.13"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.4"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:pfizer:symbiq_infusion_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:hospira:plum_a%2B_lifecare_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:hospira:plum_a%2B3_lifecare_system",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3953",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-3953",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81914",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-3953",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-3953",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-3953",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-474",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81914",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-3953",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira Products are prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3953",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-161-01",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "75135",
            "trust": 0.5
          },
          {
            "db": "VULHUB",
            "id": "VHN-81914",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "id": "VAR-201903-0654",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:37:35.676000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.pfizer.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-161-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3953"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3953"
          },
          {
            "trust": 0.3,
            "url": "http://www.hospira.com/en/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/75135"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75135"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          },
          {
            "date": "2019-03-25T17:29:00.623000",
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75135"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          },
          {
            "date": "2024-11-21T02:30:08.053000",
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Hospira Product Vulnerabilities related to the use of hard-coded credentials",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0655

    Vulnerability from variot - Updated: 2024-11-23 21:37

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira products are prone to an authorization security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. An issue in the Hospira Plum A+ and Symbiq Infusion Systems could allow an unauthenticated, remote malicious user to execute arbitrary commands of an affected system.

    The issue exists because the affected software uses an improper mechanism to perform authorization checks on port 23/Telnet by default. An unauthenticated, remote attacker could exploit this issue by transmitting arbitrary commands on the affected system using a vulnerable port. A successful exploit could allow the malicious user to execute arbitrary commands and modify the configuration of the pump on an affected system with root-level privileges.

    ICS-CERT has confirmed the vulnerability; however, updated software is not available

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0655",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "plum a\\+3 infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.6"
          },
          {
            "model": "plum a\\+ infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.4"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "3.13"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.4"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "3.13"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.4"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:pfizer:symbiq_infusion_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:hospira:plum_a%2B_lifecare_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:hospira:plum_a%2B3_lifecare_system",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3954",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-3954",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81915",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-3954",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-3954",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-3954",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-473",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81915",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-3954",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira products are prone to an authorization security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. An issue in the Hospira Plum A+ and Symbiq Infusion Systems could allow an unauthenticated, remote malicious user to execute arbitrary commands of an affected system. \n\nThe issue exists because the affected software uses an improper mechanism to perform authorization checks on port 23/Telnet by default. An unauthenticated, remote attacker could exploit this issue by transmitting arbitrary commands on the affected system using a vulnerable port. A successful exploit could allow the malicious user to execute arbitrary commands and modify the configuration of the pump on an affected system with root-level privileges. \n\nICS-CERT has confirmed the vulnerability; however, updated software is not available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3954",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-161-01",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "75137",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-81915",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "id": "VAR-201903-0655",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:37:35.643000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.pfizer.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-285",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-161-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3954"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3954"
          },
          {
            "trust": 0.3,
            "url": "http://www.hospira.com/en/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/285.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39312"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75137"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          },
          {
            "date": "2019-03-25T17:29:00.670000",
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75137"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          },
          {
            "date": "2024-11-21T02:30:08.203000",
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Hospira Product Authorization vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0653

    Vulnerability from variot - Updated: 2024-11-23 21:37

    Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Information disclosure vulnerabilities exist in several Hospira products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0653",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "plum a\\+3 infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.6"
          },
          {
            "model": "plum a\\+ infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.4"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "3.13"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.4"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "3.13"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.4"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:pfizer:symbiq_infusion_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:hospira:plum_a%2B_lifecare_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:hospira:plum_a%2B3_lifecare_system",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3952",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-3952",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-81913",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-3952",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-3952",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-3952",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-471",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81913",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira products are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks. Information disclosure vulnerabilities exist in several Hospira products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3952",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-161-01",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "75134",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-81913",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "id": "VAR-201903-0653",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:37:35.613000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.pfizer.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-312",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-161-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3952"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3952"
          },
          {
            "trust": 0.3,
            "url": "http://www.hospira.com/en/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "date": "2015-06-11T00:00:00",
            "db": "BID",
            "id": "75134"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          },
          {
            "date": "2019-03-25T16:29:00.303000",
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "date": "2015-06-11T00:00:00",
            "db": "BID",
            "id": "75134"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          },
          {
            "date": "2024-11-21T02:30:07.903000",
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Hospira Product Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2015-3956 (GCVE-0-2015-3956)

    Vulnerability from nvd – Published: 2019-03-25 17:44 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-345 - Insufficient verification of data authenticity CWE-345
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "Insufficient verification of data authenticity CWE-345",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T17:44:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient verification of data authenticity CWE-345"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3956",
        "datePublished": "2019-03-25T17:44:44.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3954 (GCVE-0-2015-3954)

    Vulnerability from nvd – Published: 2019-03-25 16:12 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-285 - Improper authorization CWE-285
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper authorization CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T16:12:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper authorization CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3954",
        "datePublished": "2019-03-25T16:12:01.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3953 (GCVE-0-2015-3953)

    Vulnerability from nvd – Published: 2019-03-25 16:02 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-259 - Use of hard-coded password CWE-259
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:00.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of hard-coded password CWE-259",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T16:02:25.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of hard-coded password CWE-259"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3953",
        "datePublished": "2019-03-25T16:02:25.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:00.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3952 (GCVE-0-2015-3952)

    Vulnerability from nvd – Published: 2019-03-25 15:42 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-312 - Cleartext storage of sensitive information CWE-312
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext storage of sensitive information CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T15:42:39.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext storage of sensitive information CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3952",
        "datePublished": "2019-03-25T15:42:39.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3965 (GCVE-0-2015-3965)

    Vulnerability from nvd – Published: 2019-03-23 19:23 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hospira Symbiq Infusion System Affected: 3.13 and earlier
    Create a notification for this product.
    Date Public
    2015-07-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2015-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-23T19:23:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3965",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.13 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3965",
        "datePublished": "2019-03-23T19:23:49.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3956 (GCVE-0-2015-3956)

    Vulnerability from cvelistv5 – Published: 2019-03-25 17:44 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-345 - Insufficient verification of data authenticity CWE-345
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "Insufficient verification of data authenticity CWE-345",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T17:44:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient verification of data authenticity CWE-345"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3956",
        "datePublished": "2019-03-25T17:44:44.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3954 (GCVE-0-2015-3954)

    Vulnerability from cvelistv5 – Published: 2019-03-25 16:12 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-285 - Improper authorization CWE-285
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper authorization CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T16:12:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper authorization CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3954",
        "datePublished": "2019-03-25T16:12:01.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3953 (GCVE-0-2015-3953)

    Vulnerability from cvelistv5 – Published: 2019-03-25 16:02 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-259 - Use of hard-coded password CWE-259
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:00.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of hard-coded password CWE-259",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T16:02:25.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of hard-coded password CWE-259"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3953",
        "datePublished": "2019-03-25T16:02:25.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:00.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3952 (GCVE-0-2015-3952)

    Vulnerability from cvelistv5 – Published: 2019-03-25 15:42 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-312 - Cleartext storage of sensitive information CWE-312
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext storage of sensitive information CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T15:42:39.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext storage of sensitive information CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3952",
        "datePublished": "2019-03-25T15:42:39.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3965 (GCVE-0-2015-3965)

    Vulnerability from cvelistv5 – Published: 2019-03-23 19:23 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hospira Symbiq Infusion System Affected: 3.13 and earlier
    Create a notification for this product.
    Date Public
    2015-07-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2015-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-23T19:23:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3965",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.13 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3965",
        "datePublished": "2019-03-23T19:23:49.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }