Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3954

Опубликовано: 25 мар. 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:pifzer:plum_a\+_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 13.4 (включая)
cpe:2.3:h:pifzer:plum_a\+_infusion_system:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:pifzer:plum_a\+3_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 13.6 (включая)
cpe:2.3:h:pifzer:plum_a\+3_infusion_system:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*
Версия до 3.13 (включая)
cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 67%
0.00533
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-285
CWE-285

Связанные уязвимости

github логотип

GHSA-x5v7-rmgq-cm8v

CVSS3: 9.8
github
больше 3 лет назад

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

EPSS

Процентиль: 67%
0.00533
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-285
CWE-285