Lucene search
K

118 matches found

Cvelist
Cvelist
added 2019/03/26 3:17 p.m.17 views

CVE-2014-5432

Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access...

9.6AI score0.02573EPSS
Exploits0References1
CVE
CVE
added 2019/03/26 3:17 p.m.47 views

CVE-2014-5432

CVE-2014-5432 affects Baxter SIGMA Spectrum Infusion System v6.05 (model 35700BAX) with Wireless Battery Module (WBM) v16. The root cause includes unauthenticated remote SSH access (Port 22) and related credential exposure. Consequences: remote attacker could modify WBM configuration and retrieve...

9.8CVSS9.3AI score0.02573EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/26 3:7 p.m.18 views

CVE-2014-5433

An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access the hos...

9.9AI score0.02062EPSS
Exploits0References1
CVE
CVE
added 2019/03/26 3:7 p.m.56 views

CVE-2014-5433

CVE-2014-5433 affects Baxter’s SIGMA Spectrum Infusion System (Version 6.05, model 35700BAX) with the Wireless Battery Module (WBM) Version 16. The connected disclosures describe multiple issues: a hard-coded password enabling unauthorized management access (CWE-259), an authentication bypass tie...

9.8CVSS9.7AI score0.02062EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/26 2:59 p.m.20 views

CVE-2014-5434

Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new...

9.6AI score0.0156EPSS
Exploits0References1
CVE
CVE
added 2019/03/26 2:59 p.m.42 views

CVE-2014-5434

The CVE-2014-5434 entry concerns Baxter’s SIGMA Spectrum Infusion System: version 6.05 (model 35700BAX) with Wireless Battery Module (WBM) version 16, which contains a default, hard-coded credential used with FTP. The vulnerability allows remote access in some vectors (three vulnerabilities remot...

9.8CVSS9.3AI score0.0156EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/03/25 7:29 p.m.17 views

CVE-2015-1012

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless...

7.5CVSS7.5AI score0.00771EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/03/25 6:20 p.m.19 views

CVE-2015-1012

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless...

7.5AI score0.00771EPSS
Exploits0References1
CVE
CVE
added 2019/03/25 6:20 p.m.44 views

CVE-2015-1012

The CVE-2015-1012 entry concerns the Hospira LifeCare PCA Infusion System. Vulnerabilities include cleartext storage of wireless network keys and hardcoded credentials, with multiple related issues (e.g., improper authorization, insufficient verification of data authenticity) that could enable un...

7.5CVSS7.5AI score0.00771EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/03/25 5:29 p.m.21 views

CVE-2015-3953

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...

10CVSS9.5AI score0.01972EPSS
Exploits0References1
Prion
Prion
added 2019/03/25 5:29 p.m.18 views

Hardcoded credentials

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...

10CVSS6.9AI score0.01972EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2019/03/25 5:29 p.m.13 views

Design/Logic Flaw

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira...

10CVSS7.3AI score0.02036EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2019/03/25 4:29 p.m.15 views

Authorization

Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...

5CVSS6.6AI score0.01008EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2019/03/25 4:12 p.m.56 views

CVE-2015-3954

Hospira Plum A+ Infusion System (versions 13.4 and earlier), Plum A+3 Infusion System (13.6 and earlier), and Symbiq Infusion System (3.13 and earlier) expose unauthenticated root privileges on Port 23/TELNET by default, allowing an unauthorized user to issue pump commands. Hospira notes Plum 360...

10CVSS9.5AI score0.02036EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/25 4:2 p.m.18 views

CVE-2015-3953

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...

9.5AI score0.01972EPSS
Exploits0References1
CVE
CVE
added 2019/03/25 4:2 p.m.47 views

CVE-2015-3953

CVE-2015-3953 affects Hospira Plum A+ Infusion System (versions prior to 13.4), Plum A+3 Infusion System (prior to 13.6), and Symbiq Infusion System (prior to 3.13). Root cause: hard-coded credentials allowing access via affected devices; additional risk factors include services listening on Port...

10CVSS9.2AI score0.01972EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/03/25 3:42 p.m.48 views

CVE-2015-3952

Summary: CVE-2015-3952 concerns information disclosure from Hospira infusion systems where wireless keys are stored in plain text. Affected products: Plum A+ Infusion System v13.4 and earlier, Plum A+3 Infusion System v13.6 and earlier, and Symbiq Infusion System v3.13 and earlier. Root cause: cl...

7.5CVSS7.3AI score0.01008EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/03/23 8:29 p.m.18 views

CVE-2015-3965

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...

9CVSS8.5AI score0.02936EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/03/23 7:23 p.m.21 views

CVE-2015-3965

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...

8.5AI score0.02936EPSS
Exploits0References1
CVE
CVE
added 2019/03/23 7:23 p.m.53 views

CVE-2015-3965

CVE-2015-3965 affects Hospira Symbiq Infusion System (Version 3.13 and earlier). The vulnerability arises from Exposed Dangerous Method or Function (CWE-749) that, with remote access and elevated privileges, could cause unanticipated operations on the device. Affected component is the device’s so...

9CVSS8.3AI score0.02936EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder