cbcvebase.

Hospira Plum A+3 Infusion System vulnerabilities

4 known vulnerabilities affecting hospira/plum_a+3_infusion_system.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1

Vulnerabilities

Page 1 of 1
CVE-2015-3956P2CRITICALCVSS 9.8≤ 13.62019-03-25
CVE-2015-3956 [CRITICAL] CWE-345 CVE-2015-3956: Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and pr Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FT
nvd
CVE-2015-3954P2CRITICALCVSS 9.8≤ 13.62019-03-25
CVE-2015-3954 [CRITICAL] CWE-285 CVE-2015-3954: Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and pr Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affec
nvd
CVE-2015-3953P3CRITICALCVSS 9.8≤ 13.62019-03-25
CVE-2015-3953 [CRITICAL] CWE-259 CVE-2015-3953: Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Pl Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System w
nvd
CVE-2015-3952P3HIGHCVSS 7.5≤ 13.62019-03-25
CVE-2015-3952 [HIGH] CWE-312 CVE-2015-3952: Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Pl Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which
nvd
Hospira Plum A+3 Infusion System vulnerabilities | cvebase