QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3952

Published: Mar 25, 2019

Modified: Aug 6, 2024

PUBLISHED

Description

Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

Vendor	Product	Versions
Hospira	Plum A+ Infusion System	affected `<= 13.4`
Hospira	Plum A+3 Infusion System	affected `<= 13.6`
Hospira	Symbiq Infusion System	affected `<= 3.13`

Weaknesses (CWE)

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.