Lucene search

[email protected]NVD:CVE-2016-8355

HistoryFeb 13, 2017 - 10:59 p.m.

CVE-2016-8355

2017-02-1322:59:00

CWE-306

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

36.0%

JSON

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates.

Affected configurations

Nvd

Node

smiths-medicalcadd-solis_medication_safety_softwareMatch1.0

smiths-medicalcadd-solis_medication_safety_softwareMatch2.0

smiths-medicalcadd-solis_medication_safety_softwareMatch3.0

smiths-medicalcadd-solis_medication_safety_softwareMatch3.1

VendorProductVersionCPE
smiths-medicalcadd-solis_medication_safety_software1.0cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:1.0:*:*:*:*:*:*:*
smiths-medicalcadd-solis_medication_safety_software2.0cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:2.0:*:*:*:*:*:*:*
smiths-medicalcadd-solis_medication_safety_software3.0cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.0:*:*:*:*:*:*:*
smiths-medicalcadd-solis_medication_safety_software3.1cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
smiths-medical	cadd-solis_medication_safety_software	1.0	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:1.0:::::::*
smiths-medical	cadd-solis_medication_safety_software	2.0	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:2.0:::::::*
smiths-medical	cadd-solis_medication_safety_software	3.0	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.0:::::::*
smiths-medical	cadd-solis_medication_safety_software	3.1	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.1:::::::*

References

www.securityfocus.com/bid/94630

ics-cert.us-cert.gov/advisories/ICSMA-16-306-01

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

36.0%

JSON

Related for NVD:CVE-2016-8355

cve1 cvelist1 prion1 ics1