
    40 vulnerabilities by hospira

    VAR-201903-0657

    Vulnerability from variot - Updated: 2023-12-18 13:52

    Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. Hospira Symbiq Infusion System contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Hospira Symbiq Infusion System is prone to an unauthorized-access vulnerability. Attackers can exploit this issue in conjunction with previously identified vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Hospira Symbiq Infusion System 3.13 and prior are vulnerable. Hospira Symbiq Infusion System is an intelligent infusion system developed by Hospira, USA. An unauthorized access vulnerability exists in Hospira Symbiq Infusion System 3.13 and earlier.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0657",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "symbiq infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "3.13"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pfizer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pfizer:symbiq_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3965",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2015-3965",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-81926",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-3965",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3965",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201507-744",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81926",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function. Hospira Symbiq Infusion System Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Hospira Symbiq Infusion System is prone to an unauthorized-access vulnerability. \nAttackers can exploit this issue in conjunction with previously identified vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. \nHospira Symbiq Infusion System 3.13 and prior are vulnerable. Hospira Symbiq Infusion System is an intelligent infusion system developed by Hospira, USA. An unauthorized access vulnerability exists in Hospira Symbiq Infusion System 3.13 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3965",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-174-01",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "75983",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-81926",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ]
      },
      "id": "VAR-201903-0657",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:52:24.145000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TopPage",
            "trust": 0.8,
            "url": "https://www.pfizerinjectables.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-174-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3965"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3965"
          },
          {
            "trust": 0.3,
            "url": "http://www.hospira.com/en/support_center/customer_communications/symbiq"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "db": "BID",
            "id": "75983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3965"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "date": "2015-07-21T00:00:00",
            "db": "BID",
            "id": "75983"
          },
          {
            "date": "2019-04-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "date": "2019-03-23T20:29:00.193000",
            "db": "NVD",
            "id": "CVE-2015-3965"
          },
          {
            "date": "2015-07-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81926"
          },
          {
            "date": "2015-07-21T00:00:00",
            "db": "BID",
            "id": "75983"
          },
          {
            "date": "2019-04-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          },
          {
            "date": "2019-03-25T19:06:55.390000",
            "db": "NVD",
            "id": "CVE-2015-3965"
          },
          {
            "date": "2019-04-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira Symbiq Infusion System Vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008238"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-744"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201507-0391

    Vulnerability from variot - Updated: 2023-12-18 12:51

    Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets. Supplementary information: the vulnerability type has been identified as CWE-19: Data Handling (data processing). Multiple Hospira products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States. A security vulnerability exists in Hospira LifeCare PCA Infusion System 5.0 and earlier.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0391",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lifecare pcainfusion",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hospira",
            "version": "5.0"
          },
          {
            "model": "lifecare pca infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "5.0"
          },
          {
            "model": "lifecare pca3",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pca5",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pcainfusion",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hospira",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3958"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75138"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3958",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-3958",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81919",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3958",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-435",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81919",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets. Supplementary information: the vulnerability type has been identified as CWE-19: Data Handling (data processing). Multiple Hospira products are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States. A security vulnerability exists in Hospira LifeCare PCA Infusion System 5.0 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3958"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "db": "BID",
            "id": "75138"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81919"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3958",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01B",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "75138",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-435",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-81919",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81919"
          },
          {
            "db": "BID",
            "id": "75138"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ]
      },
      "id": "VAR-201507-0391",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81919"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:51:41.756000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LifeCare PCA Infusion System",
            "trust": 0.8,
            "url": "http://www.hospira.com/en/products_and_services/infusion_pumps/lifecare/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-19",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3958"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm"
          },
          {
            "trust": 2.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/75138"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3958"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3958"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81919"
          },
          {
            "db": "BID",
            "id": "75138"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81919"
          },
          {
            "date": "2015-06-11T00:00:00",
            "db": "BID",
            "id": "75138"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "date": "2015-07-06T19:59:04.363000",
            "db": "NVD",
            "id": "CVE-2015-3958"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81919"
          },
          {
            "date": "2015-07-15T00:29:00",
            "db": "BID",
            "id": "75138"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          },
          {
            "date": "2016-12-06T03:01:33.917000",
            "db": "NVD",
            "id": "CVE-2015-3958"
          },
          {
            "date": "2015-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-435"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira LifeCare PCA Infusion System service disruption (DoS) vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003458"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "75138"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201507-0390

    Vulnerability from variot - Updated: 2023-12-18 12:51

    Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. Multiple Hospira products are prone to a local security-bypass vulnerability. Successful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible. The following products are listed: Plum A+ Infusion System 13.4 and prior; Plum A+3 Infusion System 13.6 and prior; Symbiq Infusion System 3.13 and prior. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States. A security vulnerability exists in Hospira LifeCare PCA Infusion System prior to version 7.0. The vulnerability stems from the program incorrectly storing private keys and certificates. A remote attacker could exploit this vulnerability to modify drug doses. This description is aggregated from several sources (NVD, JVNDB, BID, VULHUB), and they disagree on the attack vector: the record below gives a CVSS v2 vector of AV:L and a threat_type of "local", so the "remote attacker" sentence is not reflected in the scoring.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0390",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lifecare pca3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pcainfusion",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hospira",
            "version": "5.0"
          },
          {
            "model": "lifecare pca5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pca infusion system",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "7.0"
          },
          {
            "model": "lifecare pca3",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pca5",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pcainfusion",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hospira",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3957"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3957"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75136"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3957",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-3957",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-81918",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3957",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-434",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81918",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81918"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3957"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. Multiple Hospira products are prone to a local security-bypass vulnerability. \nSuccessful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible. \nThe following products are available:\nPlum A+ Infusion System 13.4 and prior\nPlum A+3 Infusion System 13.6 and prior\nSymbiq Infusion System 3.13 and prior. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States. A security vulnerability exists in Hospira LifeCare PCA Infusion System prior to version 7.0. The vulnerability stems from the program incorrectly storing private keys and certificates. A remote attacker could exploit this vulnerability to modify drug doses",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3957"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "db": "BID",
            "id": "75136"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81918"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3957",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01B",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "75136",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-81918",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81918"
          },
          {
            "db": "BID",
            "id": "75136"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3957"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ]
      },
      "id": "VAR-201507-0390",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81918"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:51:41.727000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LifeCare PCA Infusion System",
            "trust": 0.8,
            "url": "http://www.hospira.com/en/products_and_services/infusion_pumps/lifecare/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81918"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3957"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm"
          },
          {
            "trust": 2.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/75136"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3957"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3957"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81918"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3957"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81918"
          },
          {
            "db": "BID",
            "id": "75136"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3957"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81918"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75136"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "date": "2015-07-06T19:59:03.487000",
            "db": "NVD",
            "id": "CVE-2015-3957"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81918"
          },
          {
            "date": "2015-07-15T00:29:00",
            "db": "BID",
            "id": "75136"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          },
          {
            "date": "2016-12-06T03:01:32.790000",
            "db": "NVD",
            "id": "CVE-2015-3957"
          },
          {
            "date": "2015-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "75136"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira LifeCare PCA Infusion System Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003459"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-434"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201507-0389

    Vulnerability from variot - Updated: 2023-12-18 12:51

    Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Multiple Hospira products are prone to a stack-based buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. The following products are available: Plum A+ Infusion System 13.4 and prior; Plum A+3 Infusion System 13.6 and prior; Symbiq Infusion System 3.13 and prior. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0389",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lifecare pcainfusion",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hospira",
            "version": "5.0"
          },
          {
            "model": "lifecare pca infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "5.0"
          },
          {
            "model": "lifecare pca3",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pca5",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pcainfusion",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hospira",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3955"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3955"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75132"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3955",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2015-3955",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81916",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3955",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-436",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81916",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3955"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Multiple Hospira products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. \nA remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. \nThe following products are available:\nPlum A+ Infusion System 13.4 and prior\nPlum A+3 Infusion System 13.6 and prior\nSymbiq Infusion System 3.13 and prior. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3955"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "db": "BID",
            "id": "75132"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81916"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3955",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01B",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "75132",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-81916",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81916"
          },
          {
            "db": "BID",
            "id": "75132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3955"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ]
      },
      "id": "VAR-201507-0389",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81916"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:51:41.699000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LifeCare PCA Infusion System",
            "trust": 0.8,
            "url": "http://www.hospira.com/en/products_and_services/infusion_pumps/lifecare/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3955"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm"
          },
          {
            "trust": 2.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/75132"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3955"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3955"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3955"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81916"
          },
          {
            "db": "BID",
            "id": "75132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3955"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81916"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75132"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "date": "2015-07-06T19:59:02.567000",
            "db": "NVD",
            "id": "CVE-2015-3955"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81916"
          },
          {
            "date": "2015-07-15T00:29:00",
            "db": "BID",
            "id": "75132"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          },
          {
            "date": "2016-12-06T03:01:31.633000",
            "db": "NVD",
            "id": "CVE-2015-3955"
          },
          {
            "date": "2015-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira LifeCare PCA Infusion System Vulnerable to stack-based buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003460"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-436"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201507-0461

    Vulnerability from variot - Updated: 2023-12-18 12:51

    The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459. This vulnerability may be a duplicate of CVE-2015-3459. Supplementary information: the CWE vulnerability type has been identified as CWE-345: Insufficient Verification of Data Authenticity (inadequate verification of data reliability). Hospira LifeCare PCA Infusion System is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Hospira LifeCare PCA Infusion System 5.0 and prior versions are vulnerable; note that this differs from the "before 7.0" bound stated above, so the aggregated sources do not agree on the affected range.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0461",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lifecare pcainfusion",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hospira",
            "version": "5.0"
          },
          {
            "model": "lifecare pca infusion system",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "7.0"
          },
          {
            "model": "lifecare pca3",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pca5",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pcainfusion",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hospira",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5406"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "74476"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-5406",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2014-5406",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-73347",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-5406",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201505-299",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73347",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-5406",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-5406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap, and may be a duplicate of, CVE-2015-3459. Supplementary information: the weakness type has been identified as CWE-345: Insufficient Verification of Data Authenticity. Hospira LifeCare PCA Infusion System is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. \nHospira LifeCare PCA Infusion System 5.0 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "db": "BID",
            "id": "74476"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-5406"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5406",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "74476",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01B",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-73347",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-5406",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-5406"
          },
          {
            "db": "BID",
            "id": "74476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ]
      },
      "id": "VAR-201507-0461",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73347"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:51:41.669000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LifeCare PCA Infusion System",
            "trust": 0.8,
            "url": "http://www.hospira.com/en/products_and_services/infusion_pumps/lifecare/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-345",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5406"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm"
          },
          {
            "trust": 2.6,
            "url": "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/"
          },
          {
            "trust": 1.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01"
          },
          {
            "trust": 0.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5406"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5406"
          },
          {
            "trust": 0.7,
            "url": "http://www.securityfocus.com/bid/74476"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/345.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-5406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-73347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-5406"
          },
          {
            "db": "BID",
            "id": "74476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73347"
          },
          {
            "date": "2015-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-5406"
          },
          {
            "date": "2015-05-05T00:00:00",
            "db": "BID",
            "id": "74476"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "date": "2015-07-06T19:59:00.097000",
            "db": "NVD",
            "id": "CVE-2014-5406"
          },
          {
            "date": "2015-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73347"
          },
          {
            "date": "2015-07-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-5406"
          },
          {
            "date": "2015-07-15T00:29:00",
            "db": "BID",
            "id": "74476"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          },
          {
            "date": "2015-07-08T15:18:06.177000",
            "db": "NVD",
            "id": "CVE-2014-5406"
          },
          {
            "date": "2015-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability in Hospira LifeCare PCA Infusion System that allows settings to be changed",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008092"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-299"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0645

    Vulnerability from variot - Updated: 2023-12-18 12:51

    Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0, that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. The Hospira LifeCare PCA Infusion System contains an information disclosure vulnerability; information may be obtained. Attackers can exploit this issue to gain access to sensitive information. Successful exploitation may aid in other attacks


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0645",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lifecare pca infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pfizer",
            "version": "5.0"
          },
          {
            "model": "lifecare pca infusion system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "5"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1012"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pfizer:lifecare_pca_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pfizer:lifecare_pca_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-1012"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "74687"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-1012",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-1012",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-78972",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-1012",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-1012",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201505-285",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-78972",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78972"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0, that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. The Hospira LifeCare PCA Infusion System contains an information disclosure vulnerability; information may be obtained. \nAttackers can exploit this issue to gain access to sensitive information. Successful exploitation may aid in other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-1012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "db": "BID",
            "id": "74687"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78972"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-1012",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-285",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "74687",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-78972",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78972"
          },
          {
            "db": "BID",
            "id": "74687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ]
      },
      "id": "VAR-201903-0645",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78972"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:51:41.640000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.pfizerinjectables.com/"
          },
          {
            "title": "Hospira Lifecare PCA Infusion Pump Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90841"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78972"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1012"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1012"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1012"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78972"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-78972"
          },
          {
            "db": "BID",
            "id": "74687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78972"
          },
          {
            "date": "2015-05-13T00:00:00",
            "db": "BID",
            "id": "74687"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "date": "2019-03-25T19:29:00.290000",
            "db": "NVD",
            "id": "CVE-2015-1012"
          },
          {
            "date": "2015-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78972"
          },
          {
            "date": "2015-07-15T00:29:00",
            "db": "BID",
            "id": "74687"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          },
          {
            "date": "2019-10-09T23:13:03.783000",
            "db": "NVD",
            "id": "CVE-2015-1012"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira LifeCare PCA Infusion System Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008246"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-285"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201507-0060

    Vulnerability from variot - Updated: 2023-12-18 12:51

    Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Because the system contains hard-coded authentication information, a third party may be able to gain access. Hospira Lifecare PCA Infusion Pump is prone to a security-bypass vulnerability: attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States. Note that the record below files this entry under CWE-200 and the type "information disclosure", while the weakness described here is hard-coded credentials, which is more commonly classified as CWE-798.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0060",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lifecare pcainfusion",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hospira",
            "version": "5.0"
          },
          {
            "model": "lifecare pca infusion system",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "7.0"
          },
          {
            "model": "lifecare pca3",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pca5",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pcainfusion",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hospira",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-1011"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "74684"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-1011",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-1011",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-78971",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-1011",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201505-286",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-78971",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78971"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Hospira LifeCare PCA Infusion System Contains hard-coded authentication information, so there is a vulnerability that can gain access.Access may be obtained by a third party. Hospira Lifecare PCA Infusion Pump is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-1011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "db": "BID",
            "id": "74684"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78971"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-1011",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01A",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "74684",
            "trust": 1.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01B",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-286",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-78971",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78971"
          },
          {
            "db": "BID",
            "id": "74684"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ]
      },
      "id": "VAR-201507-0060",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78971"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:51:41.612000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LifeCare PCA Infusion System",
            "trust": 0.8,
            "url": "http://www.hospira.com/en/products_and_services/infusion_pumps/lifecare/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78971"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1011"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm"
          },
          {
            "trust": 1.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01a"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1011"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1011"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/74684"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78971"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-78971"
          },
          {
            "db": "BID",
            "id": "74684"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78971"
          },
          {
            "date": "2015-05-13T00:00:00",
            "db": "BID",
            "id": "74684"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "date": "2015-07-06T19:59:01.677000",
            "db": "NVD",
            "id": "CVE-2015-1011"
          },
          {
            "date": "2015-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78971"
          },
          {
            "date": "2015-07-15T00:29:00",
            "db": "BID",
            "id": "74684"
          },
          {
            "date": "2015-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          },
          {
            "date": "2015-07-08T15:27:38.333000",
            "db": "NVD",
            "id": "CVE-2015-1011"
          },
          {
            "date": "2015-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira LifeCare PCA Infusion System Vulnerabilities that gain access",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003461"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201505-286"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201504-0446

    Vulnerability from variot - Updated: 2023-12-18 12:51

    The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands. Hospira Lifecare PCA Infusion Pump is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Remote attackers can use TCP port 23 to exploit this vulnerability to gain root privileges. Defenders should therefore treat a reachable TELNET service (TCP port 23) on an affected pump as unauthenticated root access and restrict it at the network level.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0446",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lifecare pca5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pca3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pcainfusion",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hospira",
            "version": "5.0"
          },
          {
            "model": "lifecare pca infusion system",
            "scope": null,
            "trust": 0.8,
            "vendor": "hospira",
            "version": null
          },
          {
            "model": "lifecare pca infusion system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "412"
          },
          {
            "model": "lifecare pcainfusion",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hospira",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3459"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "dyngnosis",
        "sources": [
          {
            "db": "BID",
            "id": "74414"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-3459",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2015-3459",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81420",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3459",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201504-595",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81420",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-3459",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81420"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands. Hospira Lifecare PCA Infusion Pump is prone to a remote authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Remote attackers can use TCP port 23 to exploit this vulnerability to gain root privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "db": "BID",
            "id": "74414"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81420"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3459"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3459",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "74414",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-595",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-81420",
            "trust": 0.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-125-01B",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3459",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81420"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3459"
          },
          {
            "db": "BID",
            "id": "74414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ]
      },
      "id": "VAR-201504-0446",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81420"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:51:41.580000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LifeCare PCA Infusion System",
            "trust": 0.8,
            "url": "http://www.hospira.com/en/products_and_services/infusion_pumps/lifecare/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/vulnerability-riddled-drug-pumps-open-to-takeover/112629/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-3459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81420"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3459"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://twitter.com/dyngnosis/status/592671049487142913"
          },
          {
            "trust": 2.6,
            "url": "https://twitter.com/dyngnosis/status/592743461977219072"
          },
          {
            "trust": 2.0,
            "url": "http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm"
          },
          {
            "trust": 2.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01"
          },
          {
            "trust": 1.8,
            "url": "http://imgur.com/ceanzjj"
          },
          {
            "trust": 1.8,
            "url": "http://imgur.com/jhiwsqd"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/74414"
          },
          {
            "trust": 1.2,
            "url": "http://hextechsecurity.com/?p=123"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3459"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3459"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/vulnerability-riddled-drug-pumps-open-to-takeover/112629/"
          },
          {
            "trust": 0.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81420"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81420"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3459"
          },
          {
            "db": "BID",
            "id": "74414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-04-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81420"
          },
          {
            "date": "2015-04-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3459"
          },
          {
            "date": "2015-04-27T00:00:00",
            "db": "BID",
            "id": "74414"
          },
          {
            "date": "2015-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "date": "2015-04-29T23:59:00.057000",
            "db": "NVD",
            "id": "CVE-2015-3459"
          },
          {
            "date": "2015-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-01-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81420"
          },
          {
            "date": "2017-01-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3459"
          },
          {
            "date": "2015-07-15T00:29:00",
            "db": "BID",
            "id": "74414"
          },
          {
            "date": "2015-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          },
          {
            "date": "2017-01-03T19:16:30.773000",
            "db": "NVD",
            "id": "CVE-2015-3459"
          },
          {
            "date": "2015-05-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira Lifecare PCA In infusion pumps  root Privileged vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002513"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-595"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0655

    Vulnerability from variot - Updated: 2023-12-18 12:00

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue. Multiple Hospira products are prone to an authorization security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. An issue in the Hospira Plum A+ and Symbiq Infusion Systems could allow an unauthenticated, remote malicious user to execute arbitrary commands on an affected system.

    The issue exists because the affected software uses an improper mechanism to perform authorization checks on port 23/Telnet by default. An unauthenticated, remote attacker could exploit this issue by sending arbitrary commands to the affected system over the vulnerable port. A successful exploit could allow the malicious user to execute arbitrary commands with root-level privileges and modify the configuration of the pump on an affected system.

    ICS-CERT has confirmed the vulnerability; however, updated software is not available.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0655",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "plum a\\+3 infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "3.13"
          },
          {
            "model": "plum a\\+ infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.4"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.4"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "3.13"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.4"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:plum_a\\+_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "13.4",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:plum_a\\+_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:plum_a\\+3_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "13.6",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:plum_a\\+3_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3954",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2015-3954",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81915",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-3954",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3954",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-473",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81915",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-3954",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira products are prone to an authorization security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. An issue in the Hospira Plum A+ and Symbiq Infusion Systems could allow an unauthenticated, remote malicious user to execute arbitrary commands of an affected system. \n\nThe issue exists because the affected software uses an improper mechanism to perform authorization checks on port 23/Telnet by default. An unauthenticated, remote attacker could exploit this issue by transmitting arbitrary commands on the affected system using a vulnerable port. A successful exploit could allow the malicious user to execute arbitrary commands and modify the configuration of the pump on an affected system with root-level privileges. \n\nICS-CERT has confirmed the vulnerability; however, updated software is not available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3954",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-161-01",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "75137",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-81915",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ]
      },
      "id": "VAR-201903-0655",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:00:27.241000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.pfizer.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-285",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-161-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3954"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3954"
          },
          {
            "trust": 0.3,
            "url": "http://www.hospira.com/en/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/285.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39312"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "db": "BID",
            "id": "75137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75137"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "date": "2019-03-25T17:29:00.670000",
            "db": "NVD",
            "id": "CVE-2015-3954"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81915"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3954"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75137"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          },
          {
            "date": "2019-10-09T23:14:05.787000",
            "db": "NVD",
            "id": "CVE-2015-3954"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Hospira Product Authorization vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008249"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-473"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0656

    Vulnerability from variot - Updated: 2023-12-18 12:00

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue. The Hospira Plum A+ Infusion System, Plum A+3 Infusion System, and Symbiq Infusion System contain vulnerabilities related to insufficient verification of data authenticity; as a result, information may be obtained or altered, and service operation may be disrupted (DoS). Multiple Hospira products are prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. A security bypass vulnerability exists in several Hospira products. An issue in the Hospira Plum A+ and Symbiq Infusion Systems could allow an unauthenticated, remote malicious user to take complete control of a targeted system.

    The issue is due to insufficient verification of supplied data authenticity by the affected software. A successful exploit could result in a complete system compromise.

    ICS-CERT has confirmed the vulnerability; however, updated software is not available


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0656",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "plum a\\+3 infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "3.13"
          },
          {
            "model": "plum a\\+ infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.4"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.4"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.6"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3956"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:plum_a\\+_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "13.4",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:plum_a\\+_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:plum_a\\+3_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "13.6",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:plum_a\\+3_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3956"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75133"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3956",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2015-3956",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81917",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-3956",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3956",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-437",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81917",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-3956",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81917"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Hospira Plum A+ Infusion System , Plum A+3 Infusion System , Symbiq Infusion System Contains vulnerabilities related to insufficient validation of data reliability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Hospira products are prone to multiple security-bypass vulnerabilities. \nAn attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. A security bypass vulnerability exists in several Hospira products. An issue in the Hospira Plum A+ and Symbiq Infusion Systems could allow an unauthenticated, remote malicious user to take complete control of a targeted system. \n\nThe issue is due to insufficient verification of supplied data authenticity by the affected software. A successful exploit could result in a complete system compromise. \n\nICS-CERT has confirmed the vulnerability; however, updated software is not available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "db": "BID",
            "id": "75133"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81917"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3956"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3956",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-161-01",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-437",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "75133",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-81917",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3956",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81917"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3956"
          },
          {
            "db": "BID",
            "id": "75133"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ]
      },
      "id": "VAR-201903-0656",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81917"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:00:27.210000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.pfizer.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-345",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3956"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-161-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3956"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3956"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/345.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39313"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81917"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81917"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3956"
          },
          {
            "db": "BID",
            "id": "75133"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81917"
          },
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3956"
          },
          {
            "date": "2015-06-11T00:00:00",
            "db": "BID",
            "id": "75133"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "date": "2019-03-25T18:29:00.323000",
            "db": "NVD",
            "id": "CVE-2015-3956"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81917"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3956"
          },
          {
            "date": "2015-07-15T00:28:00",
            "db": "BID",
            "id": "75133"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          },
          {
            "date": "2019-10-09T23:14:05.973000",
            "db": "NVD",
            "id": "CVE-2015-3956"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Hospira product vulnerabilities related to insufficient validation of data reliability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008250"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "data forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-437"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0653

    Vulnerability from variot - Updated: 2023-12-18 12:00

    Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue. Multiple Hospira products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Information disclosure vulnerabilities exist in several Hospira products.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0653",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "plum a\\+3 infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "3.13"
          },
          {
            "model": "plum a\\+ infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.4"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.4"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "3.13"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.4"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:plum_a\\+_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "13.4",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:plum_a\\+_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:plum_a\\+3_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "13.6",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:plum_a\\+3_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3952",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-3952",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-81913",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-3952",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3952",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-471",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81913",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira products are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks. Information disclosure vulnerabilities exist in several Hospira products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3952",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-161-01",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "75134",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-81913",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ]
      },
      "id": "VAR-201903-0653",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:00:27.180000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.pfizer.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-161-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3952"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3952"
          },
          {
            "trust": 0.3,
            "url": "http://www.hospira.com/en/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "db": "BID",
            "id": "75134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3952"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "date": "2015-06-11T00:00:00",
            "db": "BID",
            "id": "75134"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "date": "2019-03-25T16:29:00.303000",
            "db": "NVD",
            "id": "CVE-2015-3952"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81913"
          },
          {
            "date": "2015-06-11T00:00:00",
            "db": "BID",
            "id": "75134"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          },
          {
            "date": "2019-10-09T23:14:05.410000",
            "db": "NVD",
            "id": "CVE-2015-3952"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Hospira Product Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008247"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-471"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0654

    Vulnerability from variot - Updated: 2023-12-18 12:00

    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue. Multiple Hospira products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0654",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "plum a\\+3 infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "3.13"
          },
          {
            "model": "plum a\\+ infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "pifzer",
            "version": "13.4"
          },
          {
            "model": "symbiq infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pfizer",
            "version": "3.13"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.4"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "symbiq infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "3.13"
          },
          {
            "model": "plum a+3 infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.6"
          },
          {
            "model": "plum a+ infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hospira",
            "version": "13.4"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:plum_a\\+_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "13.4",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:plum_a\\+_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:plum_a\\+3_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "13.6",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:plum_a\\+3_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-3953",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2015-3953",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81914",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-3953",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3953",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201506-474",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81914",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-3953",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Multiple Hospira Products are prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3953",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-161-01",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "75135",
            "trust": 0.5
          },
          {
            "db": "VULHUB",
            "id": "VHN-81914",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ]
      },
      "id": "VAR-201903-0654",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:00:27.149000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.pfizer.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-161-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3953"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3953"
          },
          {
            "trust": 0.3,
            "url": "http://www.hospira.com/en/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/75135"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "db": "BID",
            "id": "75135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3953"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "date": "2019-03-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75135"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "date": "2019-03-25T17:29:00.623000",
            "db": "NVD",
            "id": "CVE-2015-3953"
          },
          {
            "date": "2015-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81914"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3953"
          },
          {
            "date": "2015-06-10T00:00:00",
            "db": "BID",
            "id": "75135"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          },
          {
            "date": "2019-10-09T23:14:05.630000",
            "db": "NVD",
            "id": "CVE-2015-3953"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Hospira Product Vulnerabilities related to the use of hard-coded credentials",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008248"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201506-474"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2014-5401 (GCVE-0-2014-5401)

    Vulnerability from cvelistv5 – Published: 2019-03-26 16:21 – Updated: 2025-11-03 18:20
    Title
    Hospira MedNet Code Injection
    Summary
    Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Hospira MedNet Affected: 0 , ≤ 5.8 (custom)
    Unaffected: 6.1
    Date Public
    2015-03-31 06:00
    Credits
    Billy Rios

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MedNet",
              "vendor": "Hospira",
              "versions": [
                {
                  "lessThanOrEqual": "5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "6.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Billy Rios"
            }
          ],
          "datePublic": "2015-03-31T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\nHospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.\n\n\u003c/p\u003e"
                }
              ],
              "value": "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-03T18:20:04.649Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
                }
              ],
              "value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
            }
          ],
          "source": {
            "advisory": "ICSA-15-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "Hospira MedNet Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-5400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-5401",
        "datePublished": "2019-03-26T16:21:54.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2025-11-03T18:20:04.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-1012 (GCVE-0-2015-1012)

    Vulnerability from cvelistv5 – Published: 2019-03-25 18:20 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCA Infusion System, version 7.0, that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.
    Severity
    No CVSS data available.
    CWE
    • CWE-312 - Cleartext storage of sensitive information CWE-312
    Assigner
    References
    Impacted products
    Date Public
    2015-05-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LifeCare PCA Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.0"
                }
              ]
            }
          ],
          "datePublic": "2015-05-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext storage of sensitive information CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T18:20:12.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-1012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LifeCare PCA Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 5.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext storage of sensitive information CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-1012",
        "datePublished": "2019-03-25T18:20:12.000Z",
        "dateReserved": "2015-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3956 (GCVE-0-2015-3956)

    Vulnerability from cvelistv5 – Published: 2019-03-25 17:44 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-345 - Insufficient verification of data authenticity CWE-345
    Assigner
    References
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "Insufficient verification of data authenticity CWE-345",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T17:44:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient verification of data authenticity CWE-345"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3956",
        "datePublished": "2019-03-25T17:44:44.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3954 (GCVE-0-2015-3954)

    Vulnerability from cvelistv5 – Published: 2019-03-25 16:12 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-285 - Improper authorization CWE-285
    Assigner
    References
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper authorization CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T16:12:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper authorization CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3954",
        "datePublished": "2019-03-25T16:12:01.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3953 (GCVE-0-2015-3953)

    Vulnerability from cvelistv5 – Published: 2019-03-25 16:02 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-259 - Use of hard-coded password CWE-259
    Assigner
    References
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:00.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of hard-coded password CWE-259",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T16:02:25.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of hard-coded password CWE-259"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3953",
        "datePublished": "2019-03-25T16:02:25.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:00.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3952 (GCVE-0-2015-3952)

    Vulnerability from cvelistv5 – Published: 2019-03-25 15:42 – Updated: 2024-08-06 06:04
    Summary
    Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-312 - Cleartext storage of sensitive information CWE-312
    Assigner
    References
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext storage of sensitive information CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T15:42:39.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext storage of sensitive information CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3952",
        "datePublished": "2019-03-25T15:42:39.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3965 (GCVE-0-2015-3965)

    Vulnerability from cvelistv5 – Published: 2019-03-23 19:23 – Updated: 2024-08-06 06:04
    Summary
    Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hospira Symbiq Infusion System Affected: 3.13 and earlier
    Date Public
    2015-07-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2015-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-23T19:23:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3965",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.13 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3965",
        "datePublished": "2019-03-23T19:23:49.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7909 (GCVE-0-2015-7909)

    Vulnerability from cvelistv5 – Published: 2016-01-22 11:00 – Updated: 2024-08-06 08:06
    Summary
    Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-01-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:31.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-01-22T05:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-7909",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-7909",
        "datePublished": "2016-01-22T11:00:00.000Z",
        "dateReserved": "2015-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:31.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5401 (GCVE-0-2014-5401)

    Vulnerability from nvd – Published: 2019-03-26 16:21 – Updated: 2025-11-03 18:20
    Title
    Hospira MedNet Code Injection
    Summary
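    Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1. Note on the JSON record below: its embedded x_legacyV4Record block carries the ID CVE-2014-5400 and a description about cleartext credentials in configuration files, which matches neither this entry's cveId (CVE-2014-5401) nor this summary; tooling that still reads the legacy block should cross-check it against the cna fields and cveMetadata.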
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Hospira MedNet Affected: 0 , ≤ 5.8 (custom)
    Unaffected: 6.1
    Date Public
    2015-03-31 06:00
    Credits
    Billy Rios

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MedNet",
              "vendor": "Hospira",
              "versions": [
                {
                  "lessThanOrEqual": "5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "6.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Billy Rios"
            }
          ],
          "datePublic": "2015-03-31T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\nHospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.\n\n\u003c/p\u003e"
                }
              ],
              "value": "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-03T18:20:04.649Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
                }
              ],
              "value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
            }
          ],
          "source": {
            "advisory": "ICSA-15-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "Hospira MedNet Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-5400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-5401",
        "datePublished": "2019-03-26T16:21:54.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2025-11-03T18:20:04.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-1012 (GCVE-0-2015-1012)

    Vulnerability from nvd – Published: 2019-03-25 18:20 – Updated: 2024-08-06 04:26
    Summary
    Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCA Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.
    Severity
    No CVSS data available.
    CWE
    • CWE-312 - Cleartext storage of sensitive information CWE-312
    Assigner
    References
    Impacted products
    Date Public
    2015-05-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LifeCare PCA Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.0"
                }
              ]
            }
          ],
          "datePublic": "2015-05-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext storage of sensitive information CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T18:20:12.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-1012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LifeCare PCA Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 5.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext storage of sensitive information CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-1012",
        "datePublished": "2019-03-25T18:20:12.000Z",
        "dateReserved": "2015-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3956 (GCVE-0-2015-3956)

    Vulnerability from nvd – Published: 2019-03-25 17:44 – Updated: 2024-08-06 06:04
    Summary
    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-345 - Insufficient verification of data authenticity CWE-345
    Assigner
    References
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "Insufficient verification of data authenticity CWE-345",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T17:44:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient verification of data authenticity CWE-345"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3956",
        "datePublished": "2019-03-25T17:44:44.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3954 (GCVE-0-2015-3954)

    Vulnerability from nvd – Published: 2019-03-25 16:12 – Updated: 2024-08-06 06:04
    Summary
    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-285 - Improper authorization CWE-285
    Assigner
    References
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper authorization CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T16:12:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper authorization CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3954",
        "datePublished": "2019-03-25T16:12:01.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3953 (GCVE-0-2015-3953)

    Vulnerability from nvd – Published: 2019-03-25 16:02 – Updated: 2024-08-06 06:04
    Summary
    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-259 - Use of hard-coded password CWE-259
    Assigner
    References
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:00.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of hard-coded password CWE-259",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T16:02:25.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of hard-coded password CWE-259"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3953",
        "datePublished": "2019-03-25T16:02:25.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:00.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3952 (GCVE-0-2015-3952)

    Vulnerability from nvd – Published: 2019-03-25 15:42 – Updated: 2024-08-06 06:04
    Summary
    Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • CWE-312 - Cleartext storage of sensitive information CWE-312
    Assigner
    References
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Plum A+ Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.4"
                }
              ]
            },
            {
              "product": "Plum A+3 Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 13.6"
                }
              ]
            },
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 3.13"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext storage of sensitive information CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-25T15:42:39.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Plum A+ Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Plum A+3 Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 13.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext storage of sensitive information CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3952",
        "datePublished": "2019-03-25T15:42:39.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3965 (GCVE-0-2015-3965)

    Vulnerability from nvd – Published: 2019-03-23 19:23 – Updated: 2024-08-06 06:04
    Summary
    Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Impacted products
    Vendor | Product | Version
    Hospira | Symbiq Infusion System | Affected: 3.13 and earlier
    Date Public
    2015-07-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symbiq Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2015-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-23T19:23:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3965",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symbiq Infusion System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.13 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hospira"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3965",
        "datePublished": "2019-03-23T19:23:49.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7909 (GCVE-0-2015-7909)

    Vulnerability from nvd – Published: 2016-01-22 11:00 – Updated: 2024-08-06 08:06
    Summary
    Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-01-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:31.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-01-22T05:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-7909",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-7909",
        "datePublished": "2016-01-22T11:00:00.000Z",
        "dateReserved": "2015-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:31.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3957 (GCVE-0-2015-3957)

    Vulnerability from nvd – Published: 2015-07-06 19:10 – Updated: 2024-08-06 06:04
    Summary
    Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:01.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm"
              },
              {
                "name": "75136",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75136"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01B"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-02T20:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm"
            },
            {
              "name": "75136",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75136"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01B"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-3957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm",
                  "refsource": "MISC",
                  "url": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm"
                },
                {
                  "name": "75136",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75136"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01B",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01B"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-3957",
        "datePublished": "2015-07-06T19:10:00.000Z",
        "dateReserved": "2015-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:01.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5406 (GCVE-0-2014-5406)

    Vulnerability from nvd – Published: 2015-07-06 19:10 – Updated: 2025-11-03 18:34
    Title
    Hospira LifeCare PCA Infusion System
    Summary
    The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.
    Severity
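    No CVSS data is shown in this summary; the CNA record below carries a CVSS v2.0 base score of 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C).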
    CWE
    • CWE-345
    Assigner
    Impacted products
    Vendor | Product | Version
    Hospira | LifeCare PCA Infusion System | Affected: 0, ≤ 5.0 (custom); Unaffected: 7.0
    Date Public
    2015-05-05 06:00
    Credits
    Billy Rios

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LifeCare PCA Infusion System",
              "vendor": "Hospira",
              "versions": [
                {
                  "lessThanOrEqual": "5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "7.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Billy Rios"
            }
          ],
          "datePublic": "2015-05-05T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port.  NOTE: this issue might overlap CVE-2015-3459.\u003c/p\u003e"
                }
              ],
              "value": "The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port.  NOTE: this issue might overlap CVE-2015-3459."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-03T18:34:36.324Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-125-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-125-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eICS-CERT has been working with Hospira since May 2014 to address the \nvulnerabilities in the LifeCare PCA Infusion System. Hospira has \ndeveloped a new version of the PCS Infusion System, Version 7.0 that \naddresses the identified vulnerabilities. According to Hospira, \nVersion 7.0 has Port 20/FTP and Port 23/TELNET closed by default to \nprevent unauthorized access. Existing PCA Infusion Systems running \nVersion 5.0 can be upgraded to Version 7.0 when it becomes available. \nHospira\u2019s Version 7.0 is being reviewed by the FDA prior to its release.\n The release date for Version 7.0 of the LifeCare PCA Infusion System \nhas not been determined.\u003c/p\u003e\n\u003cp\u003eFor additional information about Hospira\u2019s new release, contact Hospira\u2019s technical support at 1\u2011800-241-4002.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "ICS-CERT has been working with Hospira since May 2014 to address the \nvulnerabilities in the LifeCare PCA Infusion System. Hospira has \ndeveloped a new version of the PCS Infusion System, Version 7.0 that \naddresses the identified vulnerabilities. According to Hospira, \nVersion 7.0 has Port 20/FTP and Port 23/TELNET closed by default to \nprevent unauthorized access. Existing PCA Infusion Systems running \nVersion 5.0 can be upgraded to Version 7.0 when it becomes available. \nHospira\u2019s Version 7.0 is being reviewed by the FDA prior to its release.\n The release date for Version 7.0 of the LifeCare PCA Infusion System \nhas not been determined.\n\n\nFor additional information about Hospira\u2019s new release, contact Hospira\u2019s technical support at 1\u2011800-241-4002."
            }
          ],
          "source": {
            "advisory": "ICSA-15-125-01",
            "discovery": "EXTERNAL"
          },
          "title": "Hospira LifeCare PCA Infusion System",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-5406",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port.  NOTE: this issue might overlap CVE-2015-3459."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
                },
                {
                  "name": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm",
                  "refsource": "MISC",
                  "url": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm"
                },
                {
                  "name": "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-5406",
        "datePublished": "2015-07-06T19:10:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2025-11-03T18:34:36.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }