CVE-2015-3952

CVE-2015-3952

Vendor Hospira
Product Plum A+ Infusion System
Weakness CWE-312 · Cleartext storage
Published March 25, 2019
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

Key dates

02Disclosure timeline

March 25, 2019 CVE published
August 6, 2024 Record updated