Vulnerability Description
Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pifzer | Plum A\+ Infusion System Firmware | <= 13.4 |
| Pifzer | Plum A\+ Infusion System | - |
| Pifzer | Plum A\+3 Infusion System Firmware | <= 13.6 |
| Pifzer | Plum A\+3 Infusion System | - |
| Pifzer | Symbiq Infusion System Firmware | <= 3.13 |
| Pifzer | Symbiq Infusion System | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01MitigationThird Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-3952?
CVE-2015-3952 is a vulnerability with a CVSS score of 7.5 (HIGH). Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. H...
How severe is CVE-2015-3952?
CVE-2015-3952 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3952?
Check the references section above for vendor advisories and patch information. Affected products include: Pifzer Plum A\+ Infusion System Firmware, Pifzer Plum A\+ Infusion System, Pifzer Plum A\+3 Infusion System Firmware, Pifzer Plum A\+3 Infusion System, Pifzer Symbiq Infusion System Firmware.