Lucene search

[email protected]CVE-2014-5406

HistoryJul 06, 2015 - 7:59 p.m.

CVE-2014-5406

2015-07-0619:59:00

CWE-345

[email protected]

web.nvd.nist.gov

hospira

lifecare pca

infusion system

cve-2014-5406

network security

remote attackers

medication data

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, © HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

Affected configurations

NVD

Node

hospiralifecare_pcainfusion_firmwareRange≤5.0

AND

hospiralifecare_pca3Match-

hospiralifecare_pca5Match-

CPENameOperatorVersion
hospira:lifecare_pcainfusion_firmwarehospira lifecare pcainfusion firmwarele5.0

CPE	Name	Operator	Version
hospira:lifecare_pcainfusion_firmware	hospira lifecare pcainfusion firmware	le	5.0

References

www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm

ics-cert.us-cert.gov/advisories/ICSA-15-125-01

xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2014-5406

prion2 ics3 nvd2 cvelist2 cve1 threatpost1