CVE-2015-3954

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira...

Hardcoded credentials

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...

CVE-2015-3952

Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...

CVE-2015-3953

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...

CVE-2015-3965

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...

Code injection

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...

CVE-2015-3965

CVE-2015-3965 affects Hospira Symbiq Infusion System (Version 3.13 and earlier). The vulnerability arises from Exposed Dangerous Method or Function (CWE-749) that, with remote access and elevated privileges, could cause unanticipated operations on the device. Affected component is the device’s so...

CVE-2015-3965

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...

Hospira Symbiq Infusion System Unauthorized Access Vulnerability

The Hospira Symbiq Infusion System is an intelligent infusion system from Hospira USA. An unauthorized access vulnerability exists in the Hospira Symbiq Infusion System, which allows remote attackers to bypass restrictions and perform unauthorized operations...

Hardcoded Password Security Bypass Vulnerability in Multiple Hospira Products

The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. A security bypass vulnerability exists in multiple Hospira products. An attacker could exploit this vulnerability to bypass security restrictions and gain...

Multiple Hospira Product Security Bypass Vulnerabilities

The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. A security bypass vulnerability exists in multiple Hospira products. An attacker could exploit the vulnerability to bypass security restrictions and perform...

Information Disclosure Vulnerability in Multiple Hospira Products

The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. An information disclosure vulnerability exists in multiple Hospira products. An attacker could exploit this vulnerability to obtain sensitive information...

Remote Denial of Service Vulnerability in Multiple Hospira Products

The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. A remote denial of service vulnerability exists in multiple Hospira products. An attacker could exploit this vulnerability to cause a denial of service...

Local Security Bypass Vulnerability in Multiple Hospira Products

The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. A local security bypass vulnerability exists in multiple Hospira products. A local attacker could exploit this vulnerability to bypass security restrictions...

Authentication Bypass Vulnerability in Multiple Hospira Products

The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. An authentication bypass vulnerability exists in multiple Hospira products. An attacker could use this vulnerability to bypass the authentication mechanism a...

Stack Buffer Overflow Vulnerability in Multiple Hospira Products

The Hospira Plum A+ Infusion System, Plum A+3 Infusion System and Symbiq Infusion System are all intelligent infusion systems from Hospira. A stack buffer overflow vulnerability exists in multiple Hospira products due to the program failing to perform proper boundary checks on user-submitted inpu...

Hospira Symbiq Infusion System Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 23, 2015, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Billy Rios identified a vulnerability in Hospira’s Symbiq Infusion System, which can be exploited to remotely control th...

Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities

OVERVIEW Independent researcher Billy Rios has identified vulnerabilities in Hospira’s Plum A+ Infusion System that are similar to vulnerabilities identified in Hospira’s LifeCare PCA Infusion System discussed in advisory, ICSA-15-125-01B Hospira LifeCare PCA Infusion System Vulnerabilities...