10

CVE-2015-3956

EPSS 0.18%
Veröffentlicht 25.03.2019 18:29:00
Zuletzt bearbeitet 21.11.2024 02:30:08
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pifzer ≫ Plum A+ Infusion System Firmware Version <= 13.4

Pifzer ≫ Plum A+ Infusion System Version-

Pifzer ≫ Plum A+3 Infusion System Firmware Version <= 13.6

Pifzer ≫ Plum A+3 Infusion System Version-

Pifzer ≫ Symbiq Infusion System Firmware Version <= 3.13

Pifzer ≫ Symbiq Infusion System Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.395

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2015-3956

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3956

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3956

EUVD