15 matches found
EUVD-2015-7807
Malware in sbrugna...
CVE-2015-3954
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira...
Hardcoded credentials
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...
CVE-2015-3952
Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...
CVE-2015-3953
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...
Stack overflow
Stack-based buffer overflow in Hospira Communication Engine CE before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port...
CVE-2015-7909
Stack-based buffer overflow in Hospira Communication Engine CE before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port...
CVE-2015-7909
Hospira LifeCare PCA Infusion System (v5.07) and Plum A+/A+3 Infusion Systems (CE prior to v1.2) are affected by a stack-based buffer overflow in the Hospira Communication Engine (CE) exposed on TCP port 5000. The vulnerability enables a remote attacker to cause a denial of service (and potential...
Hospira Multiple Products Buffer Overflow Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the NCCIC/ICS-CERT web site. Jeremy Richards of SAINT Corporation has identified a buffer overflow vulnerability in Hospira’s LifeCare PCA Infusion System. Hospira has...
Information Disclosure Vulnerability in Multiple Hospira Products
The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. An information disclosure vulnerability exists in multiple Hospira products. An attacker could exploit this vulnerability to obtain sensitive information...
Local Security Bypass Vulnerability in Multiple Hospira Products
The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. A local security bypass vulnerability exists in multiple Hospira products. A local attacker could exploit this vulnerability to bypass security restrictions...
Remote Denial of Service Vulnerability in Multiple Hospira Products
The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. A remote denial of service vulnerability exists in multiple Hospira products. An attacker could exploit this vulnerability to cause a denial of service...
Authentication Bypass Vulnerability in Multiple Hospira Products
The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. An authentication bypass vulnerability exists in multiple Hospira products. An attacker could use this vulnerability to bypass the authentication mechanism a...
Multiple Hospira Product Security Bypass Vulnerabilities
The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. A security bypass vulnerability exists in multiple Hospira products. An attacker could exploit the vulnerability to bypass security restrictions and perform...
Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities
OVERVIEW Independent researcher Billy Rios has identified vulnerabilities in Hospira’s Plum A+ Infusion System that are similar to vulnerabilities identified in Hospira’s LifeCare PCA Infusion System discussed in advisory, ICSA-15-125-01B Hospira LifeCare PCA Infusion System Vulnerabilities...