CVE-2016-8358 - OpenCVE

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Smiths-medical	Cadd-solis Medication Safety Software

Configuration 1 [-]

OR	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:1.0:::::::*
	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:2.0:::::::*
	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.0:::::::*
	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.1:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/94630	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2017-02-13T22:00:00

Updated: 2017-02-14T10:57:01

Reserved: 2016-09-28T00:00:00

Link: CVE-2016-8358

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-02-13T22:59:00.180

Modified: 2017-02-28T19:02:54.807

Link: CVE-2016-8358

JSON object: View

Redhat Information

No data.

CWE

CWE-346

{"containers": {"cna": {"affected": [{"product": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1", "vendor": "n/a", "versions": [{"status": "affected", "version": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"}]}], "datePublic": "2017-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."}], "problemTypes": [{"descriptions": [{"description": "Smiths-Medical CADD-Solis Medication Safety Software MITM", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-14T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"}, {"name": "94630", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94630"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-8358", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1", "version": {"version_data": [{"version_value": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Smiths-Medical CADD-Solis Medication Safety Software MITM"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"}, {"name": "94630", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94630"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-8358", "datePublished": "2017-02-13T22:00:00", "dateReserved": "2016-09-28T00:00:00", "dateUpdated": "2017-02-14T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF207912-1122-4D34-A793-0FE76E158E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8F550F1-8996-45F9-9676-5E1DBC0EA8EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FC5553F-6BF6-41CB-B70D-96BD73DFD232", "vulnerable": true}, {"criteria": "cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DF8B46B-7A15-4B90-927B-681B8C3B0411", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."}, {"lang": "es", "value": "Ha sido descubierto un problema en Smiths-Medical CADD-Solis Medication Safety Software, Versi\u00f3n 1.0; 2,0; 3,0; Y 3.1. El software afectado no verifica las identidades en los puntos finales de comunicaci\u00f3n, lo que puede permitir que un atacante de tipo man-in-the-middle obtenga acceso al canal de comunicaci\u00f3n entre extremos."}], "id": "CVE-2016-8358", "lastModified": "2017-02-28T19:02:54.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-13T22:59:00.180", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94630"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}