CVE-2016-8358 - OpenCVE

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Smiths-medical	Cadd-solis Medication Safety Software

Configuration 1 [-]

OR	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:1.0:::::::*
	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:2.0:::::::*
	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.0:::::::*
	cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.1:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94630
https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-02-13T22:00:00

Updated: 2024-08-06T02:20:30.891Z

Reserved: 2016-09-28T00:00:00

Link: CVE-2016-8358

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-02-13T22:59:00.180

Modified: 2017-02-28T19:02:54.807

Link: CVE-2016-8358

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1", "vendor": "n/a", "versions": [{"status": "affected", "version": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"}]}], "datePublic": "2017-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."}], "problemTypes": [{"descriptions": [{"description": "Smiths-Medical CADD-Solis Medication Safety Software MITM", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-14T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"}, {"name": "94630", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94630"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-8358", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1", "version": {"version_data": [{"version_value": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Smiths-Medical CADD-Solis Medication Safety Software MITM"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"}, {"name": "94630", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94630"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:20:30.891Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"}, {"name": "94630", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94630"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-8358", "datePublished": "2017-02-13T22:00:00", "dateReserved": "2016-09-28T00:00:00", "dateUpdated": "2024-08-06T02:20:30.891Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF207912-1122-4D34-A793-0FE76E158E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8F550F1-8996-45F9-9676-5E1DBC0EA8EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FC5553F-6BF6-41CB-B70D-96BD73DFD232", "vulnerable": true}, {"criteria": "cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DF8B46B-7A15-4B90-927B-681B8C3B0411", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."}, {"lang": "es", "value": "Ha sido descubierto un problema en Smiths-Medical CADD-Solis Medication Safety Software, Versi\u00f3n 1.0; 2,0; 3,0; Y 3.1. El software afectado no verifica las identidades en los puntos finales de comunicaci\u00f3n, lo que puede permitir que un atacante de tipo man-in-the-middle obtenga acceso al canal de comunicaci\u00f3n entre extremos."}], "id": "CVE-2016-8358", "lastModified": "2017-02-28T19:02:54.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-13T22:59:00.180", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94630"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}