Vulnerabilites related to pfizer - symbiq_infusion_system_firmware
Vulnerability from fkie_nvd
Published
2019-03-23 20:29
Modified
2024-11-21 02:30
Severity ?
Summary
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pfizer | symbiq_infusion_system_firmware | * | |
| pfizer | symbiq_infusion_system | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pfizer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C60690B-14F5-401E-8204-1516A2A6CD1C",
"versionEndIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pfizer:symbiq_infusion_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3668E376-D297-46F3-8650-CF3F62D14499",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
},
{
"lang": "es",
"value": "Hospira Symbiq Infusion System, en versiones 3.13 y anteriores, permite que los usuarios autenticados remotos desencadenen \"operaciones no anticipadas\" aprovechando \"privilegios elevados\" para una llamada no especificada a una funci\u00f3n expuesta de manera incorrecta."
}
],
"id": "CVE-2015-3965",
"lastModified": "2024-11-21T02:30:09.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-23T20:29:00.193",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-3965 (GCVE-0-2015-3965)
Vulnerability from cvelistv5
Published
2019-03-23 19:23
Modified
2024-08-06 06:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hospira | Symbiq Infusion System |
Version: 3.13 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symbiq Infusion System",
"vendor": "Hospira",
"versions": [
{
"status": "affected",
"version": "3.13 and earlier"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-23T19:23:49",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symbiq Infusion System",
"version": {
"version_data": [
{
"version_value": "3.13 and earlier"
}
]
}
}
]
},
"vendor_name": "Hospira"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3965",
"datePublished": "2019-03-23T19:23:49",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}