Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3952

Опубликовано: 25 мар. 2019
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:pifzer:plum_a\+_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 13.4 (включая)
cpe:2.3:h:pifzer:plum_a\+_infusion_system:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:pifzer:plum_a\+3_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 13.6 (включая)
cpe:2.3:h:pifzer:plum_a\+3_infusion_system:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 3.13 (включая)
cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%
0.0012
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-312
CWE-200

Связанные уязвимости

github логотип

GHSA-85xx-4vmh-93wq

CVSS3: 7.5
github
больше 3 лет назад

Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

EPSS

Процентиль: 32%
0.0012
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-312
CWE-200