CVE-2015-3953

CRITICAL

Hospira <13.4 - Info Disclosure

Title source: llm

Description

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

References (1)

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01

Scores

CVSS v3 9.8

EPSS 0.0025

EPSS Percentile 48.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-259 CWE-798

Status published

Products (3)

pifzer/plum_a\+3_infusion_system_firmware < 13.6

pifzer/plum_a\+_infusion_system_firmware < 13.4

pifzer/symbiq_infusion_system_firmware < 3.13

Published Mar 25, 2019

Tracked Since Feb 18, 2026