Search criteria
2 vulnerabilities by smiths-medical
CVE-2016-8355 (GCVE-0-2016-8355)
Vulnerability from cvelistv5 – Published: 2017-02-13 22:00 – Updated: 2024-08-06 02:20
VLAI?
Summary
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates.
Severity ?
No CVSS data available.
CWE
- Smiths-Medical CADD-Solis Medication Safety Software incorrect permissions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Smiths-Medical CADD-Solis Medication Safety Software through 3.1 |
Affected:
Smiths-Medical CADD-Solis Medication Safety Software through 3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:31.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"
},
{
"name": "94630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Smiths-Medical CADD-Solis Medication Safety Software incorrect permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"
},
{
"name": "94630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1",
"version": {
"version_data": [
{
"version_value": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Smiths-Medical CADD-Solis Medication Safety Software incorrect permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"
},
{
"name": "94630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-8355",
"datePublished": "2017-02-13T22:00:00",
"dateReserved": "2016-09-28T00:00:00",
"dateUpdated": "2024-08-06T02:20:31.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8358 (GCVE-0-2016-8358)
Vulnerability from cvelistv5 – Published: 2017-02-13 22:00 – Updated: 2024-08-06 02:20
VLAI?
Summary
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints.
Severity ?
No CVSS data available.
CWE
- Smiths-Medical CADD-Solis Medication Safety Software MITM
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Smiths-Medical CADD-Solis Medication Safety Software through 3.1 |
Affected:
Smiths-Medical CADD-Solis Medication Safety Software through 3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"
},
{
"name": "94630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Smiths-Medical CADD-Solis Medication Safety Software MITM",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"
},
{
"name": "94630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1",
"version": {
"version_data": [
{
"version_value": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Smiths-Medical CADD-Solis Medication Safety Software MITM"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"
},
{
"name": "94630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-8358",
"datePublished": "2017-02-13T22:00:00",
"dateReserved": "2016-09-28T00:00:00",
"dateUpdated": "2024-08-06T02:20:30.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}