Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities

CVSS 10.0 CRITICAL

CVEs (7)

CVE-2015-3952 CVE-2015-3953 CVE-2015-3954 CVE-2015-3955 CVE-2015-3956 CVE-2015-3957 CVE-2015-3958

Remediations

Hospira is communicating with customers to direct them to close Port 20/FTP and Port 23/TELNET on the affected devices. In addition, Hospira is also releasing its Plum 360 Infusion System. Hospira asserts that the Plum 360 uses a different architecture than the Plum A+ Infusion System and is not vulnerable to the reported vulnerabilities.
For additional information about the vulnerabilities and compensating measures, contact Hospira’s technical support at 1-800-241-4002.

Affected Vendors

Hospira

Affected Products (3)

Hospira · Plum A+ Infusion System <=13.4

Hospira · Plum A+3 Infusion System <=13.6

Hospira · Symbiq Infusion System,As previously announced by Hospira in 2013, the Symbiq Infusion System was retired by Hospira on May 31, 2015 and will be fully removed from the market by December 2015. According to Hospira, during a recent service visit, the remaining Symbiq Infusion Systems have had Port 20/FTP and Port 23/TELNET closed <=3.13

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more