var-201903-0656
Vulnerability from variot
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Hospira Plum A+ Infusion System , Plum A+3 Infusion System , Symbiq Infusion System Contains vulnerabilities related to insufficient validation of data reliability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Hospira products are prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. A security bypass vulnerability exists in several Hospira products. An issue in the Hospira Plum A+ and Symbiq Infusion Systems could allow an unauthenticated, remote malicious user to take complete control of a targeted system.
The issue is due to insufficient verification of supplied data authenticity by the affected software. A successful exploit could result in a complete system compromise.
ICS-CERT has confirmed the vulnerability; however, updated software is not available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0656",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "plum a\\+3 infusion system",
"scope": "lte",
"trust": 1.0,
"vendor": "pifzer",
"version": "13.6"
},
{
"model": "plum a\\+ infusion system",
"scope": "lte",
"trust": 1.0,
"vendor": "pifzer",
"version": "13.4"
},
{
"model": "symbiq infusion system",
"scope": "lte",
"trust": 1.0,
"vendor": "pifzer",
"version": "3.13"
},
{
"model": "symbiq infusion system",
"scope": "lte",
"trust": 0.8,
"vendor": "pfizer",
"version": "3.13"
},
{
"model": "plum a+ infusion system",
"scope": "lte",
"trust": 0.8,
"vendor": "hospira",
"version": "13.4"
},
{
"model": "plum a+3 infusion system",
"scope": "lte",
"trust": 0.8,
"vendor": "hospira",
"version": "13.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"db": "NVD",
"id": "CVE-2015-3956"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:pfizer:symbiq_infusion_system_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hospira:plum_a%2B_lifecare_system",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hospira:plum_a%2B3_lifecare_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios",
"sources": [
{
"db": "BID",
"id": "75133"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-437"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3956",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3956",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-81917",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-3956",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3956",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-3956",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-437",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-81917",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-3956",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81917"
},
{
"db": "VULMON",
"id": "CVE-2015-3956"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-437"
},
{
"db": "NVD",
"id": "CVE-2015-3956"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. Hospira Plum A+ Infusion System , Plum A+3 Infusion System , Symbiq Infusion System Contains vulnerabilities related to insufficient validation of data reliability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Hospira products are prone to multiple security-bypass vulnerabilities. \nAn attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. A security bypass vulnerability exists in several Hospira products. An issue in the Hospira Plum A+ and Symbiq Infusion Systems could allow an unauthenticated, remote malicious user to take complete control of a targeted system. \n\nThe issue is due to insufficient verification of supplied data authenticity by the affected software. A successful exploit could result in a complete system compromise. \n\nICS-CERT has confirmed the vulnerability; however, updated software is not available",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3956"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"db": "BID",
"id": "75133"
},
{
"db": "VULHUB",
"id": "VHN-81917"
},
{
"db": "VULMON",
"id": "CVE-2015-3956"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3956",
"trust": 2.9
},
{
"db": "ICS CERT",
"id": "ICSA-15-161-01",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008250",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-437",
"trust": 0.6
},
{
"db": "BID",
"id": "75133",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-81917",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3956",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81917"
},
{
"db": "VULMON",
"id": "CVE-2015-3956"
},
{
"db": "BID",
"id": "75133"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-437"
},
{
"db": "NVD",
"id": "CVE-2015-3956"
}
]
},
"id": "VAR-201903-0656",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81917"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:37:35.709000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.pfizer.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81917"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"db": "NVD",
"id": "CVE-2015-3956"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-161-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3956"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3956"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/345.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81917"
},
{
"db": "VULMON",
"id": "CVE-2015-3956"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-437"
},
{
"db": "NVD",
"id": "CVE-2015-3956"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81917"
},
{
"db": "VULMON",
"id": "CVE-2015-3956"
},
{
"db": "BID",
"id": "75133"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-437"
},
{
"db": "NVD",
"id": "CVE-2015-3956"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-81917"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3956"
},
{
"date": "2015-06-11T00:00:00",
"db": "BID",
"id": "75133"
},
{
"date": "2019-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-437"
},
{
"date": "2019-03-25T18:29:00.323000",
"db": "NVD",
"id": "CVE-2015-3956"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-81917"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3956"
},
{
"date": "2015-07-15T00:28:00",
"db": "BID",
"id": "75133"
},
{
"date": "2019-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008250"
},
{
"date": "2019-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-437"
},
{
"date": "2024-11-21T02:30:08.517000",
"db": "NVD",
"id": "CVE-2015-3956"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-437"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Hospira Product Vulnerabilities related to insufficient validation of data reliability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008250"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-437"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…