Sign-up

ID

VAR-201903-0657


CVE

CVE-2015-3965


TITLE

Hospira Symbiq Infusion System Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2015-008238

DESCRIPTION

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. Hospira Symbiq Infusion System Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Hospira Symbiq Infusion System is prone to an unauthorized-access vulnerability. Attackers can exploit this issue in conjunction with previously identified vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Hospira Symbiq Infusion System 3.13 and prior are vulnerable. Hospira Symbiq Infusion System is an intelligent infusion system developed by Hospira, USA. An unauthorized access vulnerability exists in Hospira Symbiq Infusion System 3.13 and earlier

Trust: 1.98

sources: NVD: CVE-2015-3965 // JVNDB: JVNDB-2015-008238 // BID: 75983 // VULHUB: VHN-81926

AFFECTED PRODUCTS

vendor:pfizermodel:symbiq infusion systemscope:lteversion:3.13

Trust: 1.8

vendor:hospiramodel:symbiq infusion systemscope:eqversion:3.13

Trust: 0.3

sources: BID: 75983 // JVNDB: JVNDB-2015-008238 // NVD: CVE-2015-3965

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3965
value: HIGH

Trust: 1.0

NVD: CVE-2015-3965
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201507-744
value: HIGH

Trust: 0.6

VULHUB: VHN-81926
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3965
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81926
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-3965
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-81926 // JVNDB: JVNDB-2015-008238 // CNNVD: CNNVD-201507-744 // NVD: CVE-2015-3965

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-81926 // JVNDB: JVNDB-2015-008238 // NVD: CVE-2015-3965

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-744

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201507-744

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008238

PATCH
title:TopPageurl:https://www.pfizerinjectables.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-008238

EXTERNAL IDS
db:NVDid:CVE-2015-3965
Trust: 2.8
db:ICS CERTid:ICSA-15-174-01
Trust: 2.8
db:JVNDBid:JVNDB-2015-008238
Trust: 0.8
db:CNNVDid:CNNVD-201507-744
Trust: 0.7
db:BIDid:75983
Trust: 0.4
db:VULHUBid:VHN-81926
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81926 // 
            
            
            
            BID: 75983 // 
            
            
            
            JVNDB: JVNDB-2015-008238 // 
            
            
            
            CNNVD: CNNVD-201507-744 // 
            
            
            
            NVD: CVE-2015-3965

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-174-01
Trust: 2.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-3965
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3965
Trust: 0.8
url:http://www.hospira.com/en/support_center/customer_communications/symbiq
Trust: 0.3
sources:
            
            
            VULHUB: VHN-81926 // 
            
            
            
            BID: 75983 // 
            
            
            
            JVNDB: JVNDB-2015-008238 // 
            
            
            
            CNNVD: CNNVD-201507-744 // 
            
            
            
            NVD: CVE-2015-3965

CREDITS
Billy Rios
Trust: 0.9
sources:
            
            
            BID: 75983 // 
            
            
            
            CNNVD: CNNVD-201507-744

SOURCES
db:VULHUBid:VHN-81926
db:BIDid:75983
db:JVNDBid:JVNDB-2015-008238
db:CNNVDid:CNNVD-201507-744
db:NVDid:CVE-2015-3965

LAST UPDATE DATE
2024-11-23T22:55:38.522000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81926date:2019-03-25T00:00:00
db:BIDid:75983date:2015-07-21T00:00:00
db:JVNDBid:JVNDB-2015-008238date:2019-04-22T00:00:00
db:CNNVDid:CNNVD-201507-744date:2019-04-03T00:00:00
db:NVDid:CVE-2015-3965date:2024-11-21T02:30:09.823

SOURCES RELEASE DATE
db:VULHUBid:VHN-81926date:2019-03-23T00:00:00
db:BIDid:75983date:2015-07-21T00:00:00
db:JVNDBid:JVNDB-2015-008238date:2019-04-22T00:00:00
db:CNNVDid:CNNVD-201507-744date:2015-07-23T00:00:00
db:NVDid:CVE-2015-3965date:2019-03-23T20:29:00.193