CVE-2015-3953
25.03.2019, 17:29
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.Enginsight
| Vendor | Product | Version |
|---|---|---|
| pifzer | plum_a\+_infusion_system_firmware | 𝑥 ≤ 13.4 |
| pifzer | plum_a\+3_infusion_system_firmware | 𝑥 ≤ 13.6 |
| pifzer | symbiq_infusion_system_firmware | 𝑥 ≤ 3.13 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-259 - Use of Hard-coded PasswordThe software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.