CVE-2015-3956 in Plum A+ Infusion System

Summary

by MITRE

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue.

Analysis

by VulDB Data Team • 08/07/2023

The CVE-2015-3956 vulnerability affects critical medical infusion systems manufactured by Hospira, specifically the Plum A+ Infusion System versions 13.4 and earlier, Plum A+3 Infusion System versions 13.6 and earlier, and Symbiq Infusion System version 3.13 and earlier. These medical devices operate in healthcare environments where security is paramount, yet they exhibit significant authentication flaws that allow unauthorized network access to critical system functions. The vulnerability represents a fundamental failure in network security architecture where devices accept commands and configuration changes from any device on the local network without proper authentication mechanisms. This issue falls under CWE-287, which addresses improper authentication vulnerabilities, and aligns with ATT&CK technique T1190 for exploitation of remote services and T1071.004 for application layer protocol usage.

The technical flaw manifests through the devices' acceptance of network communications on standard ports including FTP port 20 and Telnet port 23, which are commonly used for unauthenticated file transfers and remote access respectively. This means that any attacker with network access to the same subnet can potentially send malicious firmware updates, drug library modifications, or pump command instructions to these infusion systems. The lack of authentication verification creates a severe attack surface where unauthorized individuals could manipulate critical medical device operations, potentially leading to incorrect medication delivery or system malfunctions. The vulnerability essentially allows for a man-in-the-middle attack scenario where network traffic can be intercepted and modified without proper authorization checks.

The operational impact of this vulnerability extends beyond simple network security concerns into patient safety and healthcare delivery systems. Infusion pumps are life-critical medical devices that deliver precise amounts of medications to patients, and unauthorized access to their configuration could result in medication errors, dosage miscalculations, or complete system failures. Healthcare organizations face significant regulatory and compliance risks, as this vulnerability violates standards such as those outlined in the FDA's guidance for medical device cybersecurity and HIPAA security requirements. The potential for remote exploitation without authentication creates a particularly dangerous scenario where attackers could compromise patient care from external network locations, especially in hospital environments where network segmentation may not be properly implemented.

Organizations affected by this vulnerability should immediately implement network segmentation to isolate these devices from general network traffic and follow Hospira's recommendation to close ports 20 and 23 on affected systems. Additional mitigations include implementing network access controls, deploying intrusion detection systems to monitor for unauthorized access attempts, and conducting thorough network assessments to identify all affected devices. The release of the Plum 360 Infusion System by Hospira demonstrates a remediation approach that addresses these authentication issues, providing a secure alternative that properly implements authentication mechanisms for all network communications. This vulnerability highlights the critical importance of securing medical devices within healthcare networks and the necessity of maintaining up-to-date firmware with proper security controls to prevent unauthorized access to life-critical equipment.
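One way to check the segmentation and port-closure mitigations from firewall flow logs, as an added example that is not part of the original entry or any vendor tooling. The pump subnet, the approved management server address, the log layout and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions (not from the advisory): pump VLAN, approved server, log layout.
PUMP_NET = ip_network("10.20.30.0/24")
APPROVED_SOURCES = {ip_address("10.20.1.5")}   # hypothetical pump management server
CLOSED_PORTS = {20, 23}                        # ports the vendor says to close

# Constructed sample flow records: time,src,dst,dport,action
SAMPLE_FLOWS = """\
2023-08-07T10:00:01Z,10.20.1.5,10.20.30.11,443,accept
2023-08-07T10:00:07Z,10.50.8.77,10.20.30.11,23,accept
2023-08-07T10:00:09Z,10.50.8.77,10.20.30.12,23,deny
2023-08-07T10:01:30Z,10.20.1.5,10.20.30.13,20,accept
2023-08-07T10:02:00Z,10.50.9.14,10.20.30.11,8080,accept
2023-08-07T10:02:05Z,10.50.9.14,10.60.1.1,23,accept
"""

def review_flows(text):
    """Return (findings, to_remediate); findings are (time, src, dst, dport, reason)."""
    findings, to_remediate = [], set()
    for ts, src, dst, dport, action in csv.reader(io.StringIO(text)):
        src_ip, dst_ip, port = ip_address(src), ip_address(dst), int(dport)
        if dst_ip not in PUMP_NET:
            continue                           # only traffic toward pumps matters here
        if port in CLOSED_PORTS:
            if action == "accept":
                reason = "allowed-to-closed-port"  # traffic permitted to a port that should be closed
                to_remediate.add((dst, port))
            else:
                reason = "blocked-attempt"     # control worked; the source still needs a look
        elif src_ip not in APPROVED_SOURCES and action == "accept":
            reason = "segmentation-gap"        # unapproved host reached a pump
        else:
            continue
        findings.append((ts, src, dst, port, reason))
    return findings, sorted(to_remediate)

if __name__ == "__main__":
    findings, to_remediate = review_flows(SAMPLE_FLOWS)
    for finding in findings:
        print(*finding)
    print("pumps still reachable on ports 20/23:", to_remediate)
```

Traffic to ports 20 and 23 is flagged even when it comes from the approved server, since the recommendation is to close those ports outright rather than restrict who may use them.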

Reservation

05/12/2015

Moderation

accepted

CPE

ready

EPSS

0.00180

KEV

no

Activities

very low
