Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3953

Опубликовано: 25 мар. 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:pifzer:plum_a\+_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 13.4 (включая)
cpe:2.3:h:pifzer:plum_a\+_infusion_system:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:pifzer:plum_a\+3_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 13.6 (включая)
cpe:2.3:h:pifzer:plum_a\+3_infusion_system:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 3.13 (включая)
cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%
0.00248
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-259
CWE-798

Связанные уязвимости

github логотип

GHSA-vw52-2pgm-8cj2

CVSS3: 9.8
github
больше 3 лет назад

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

EPSS

Процентиль: 48%
0.00248
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-259
CWE-798