MidnightBSD

Advisories for pfizer

CVE-2015-1012 MEDIUM

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-200,

Products Affected

Vendor Product Version
pfizer lifecare_pca_infusion_system_firmware *
CVE-2015-3965 HIGH

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pfizer symbiq_infusion_system_firmware *