CVE-2016-8358 Smiths Medical CVE debrief

Who should care

Hospitals, clinical engineering teams, biomedical device administrators, and network/security teams that support Smiths-Medical CADD-Solis Medication Safety Software should treat this as relevant, especially if affected versions are in use on reachable networks.

Technical summary

The weakness is mapped to CWE-346 (Origin Validation Error). The affected versions are 1.0, 2.0, 3.0, and 3.1. The core issue is failure to verify endpoint identity during communication, which creates a man-in-the-middle opportunity. The official NVD entry lists the vulnerability as modified on 2026-05-13, but the CVE was published on 2017-02-13.

Defensive priority

High. The issue is network-reachable and can affect the security of communications for impacted software versions, with NVD scoring indicating high potential impact once exploitation conditions are met.

Recommended defensive actions

• Inventory whether Smiths-Medical CADD-Solis Medication Safety Software versions 1.0, 2.0, 3.0, or 3.1 are deployed.
• Review the ICS-CERT advisory and any vendor guidance for mitigation or compensating controls.
• Restrict network access to the software and related communication paths to trusted segments only.
• Monitor for anomalous or unexpected traffic that could indicate interception attempts on the communication channel.
• Plan upgrades or vendor-supported remediation where available, and document compensating controls if immediate replacement is not possible.

Evidence notes

All statements are based on the supplied NVD record and the referenced ICS-CERT/US-CERT advisory. The source corpus identifies the affected product, vulnerable versions, CWE-346, and the CVSS 3.0 vector. No exploit code or unverified remediation details are included.

Official resources