118 matches found
CVE-2014-5432
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access...
CVE-2014-5432
CVE-2014-5432 affects Baxter SIGMA Spectrum Infusion System v6.05 (model 35700BAX) with Wireless Battery Module (WBM) v16. The root cause includes unauthenticated remote SSH access (Port 22) and related credential exposure. Consequences: remote attacker could modify WBM configuration and retrieve...
CVE-2014-5433
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access the hos...
CVE-2014-5433
CVE-2014-5433 affects Baxter’s SIGMA Spectrum Infusion System (Version 6.05, model 35700BAX) with the Wireless Battery Module (WBM) Version 16. The connected disclosures describe multiple issues: a hard-coded password enabling unauthorized management access (CWE-259), an authentication bypass tie...
CVE-2014-5434
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new...
CVE-2014-5434
The CVE-2014-5434 entry concerns Baxter’s SIGMA Spectrum Infusion System: version 6.05 (model 35700BAX) with Wireless Battery Module (WBM) version 16, which contains a default, hard-coded credential used with FTP. The vulnerability allows remote access in some vectors (three vulnerabilities remot...
CVE-2015-1012
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless...
CVE-2015-1012
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless...
CVE-2015-1012
The CVE-2015-1012 entry concerns the Hospira LifeCare PCA Infusion System. Vulnerabilities include cleartext storage of wireless network keys and hardcoded credentials, with multiple related issues (e.g., improper authorization, insufficient verification of data authenticity) that could enable un...
CVE-2015-3953
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...
Hardcoded credentials
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...
Design/Logic Flaw
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira...
Authorization
Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...
CVE-2015-3954
Hospira Plum A+ Infusion System (versions 13.4 and earlier), Plum A+3 Infusion System (13.6 and earlier), and Symbiq Infusion System (3.13 and earlier) expose unauthenticated root privileges on Port 23/TELNET by default, allowing an unauthorized user to issue pump commands. Hospira notes Plum 360...
CVE-2015-3953
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...
CVE-2015-3953
CVE-2015-3953 affects Hospira Plum A+ Infusion System (versions prior to 13.4), Plum A+3 Infusion System (prior to 13.6), and Symbiq Infusion System (prior to 3.13). Root cause: hard-coded credentials allowing access via affected devices; additional risk factors include services listening on Port...
CVE-2015-3952
Summary: CVE-2015-3952 concerns information disclosure from Hospira infusion systems where wireless keys are stored in plain text. Affected products: Plum A+ Infusion System v13.4 and earlier, Plum A+3 Infusion System v13.6 and earlier, and Symbiq Infusion System v3.13 and earlier. Root cause: cl...
CVE-2015-3965
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...
CVE-2015-3965
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...
CVE-2015-3965
CVE-2015-3965 affects Hospira Symbiq Infusion System (Version 3.13 and earlier). The vulnerability arises from Exposed Dangerous Method or Function (CWE-749) that, with remote access and elevated privileges, could cause unanticipated operations on the device. Affected component is the device’s so...