Lucene search

IcscertCVE-2015-1012

HistoryMar 25, 2019 - 7:29 p.m.

CVE-2015-1012

2019-03-2519:29:00

CWE-312

CWE-200

icscert

web.nvd.nist.gov

hospira

lifecare

pca infusion system

wireless

plain text

vulnerabilities

version 5.0

version 7.0

port 20

port 23

ftp

telnet

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.

Affected configurations

Nvd

Node

pfizerlifecare_pca_infusion_system_firmwareRange≤5.0

AND

pfizerlifecare_pca_infusion_systemMatch-

VendorProductVersionCPE
pfizerlifecare_pca_infusion_system_firmware*cpe:2.3:o:pfizer:lifecare_pca_infusion_system_firmware:*:*:*:*:*:*:*:*
pfizerlifecare_pca_infusion_system-cpe:2.3:h:pfizer:lifecare_pca_infusion_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pfizer	lifecare_pca_infusion_system_firmware	*	cpe:2.3:o:pfizer:lifecare_pca_infusion_system_firmware::::::::
pfizer	lifecare_pca_infusion_system	-	cpe:2.3:h:pfizer:lifecare_pca_infusion_system:-:::::::*

CNA Affected

[
  {
    "product": "LifeCare PCA Infusion System",
    "vendor": "Hospira",
    "versions": [
      {
        "status": "affected",
        "version": "<= 5.0"
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSA-15-125-01

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

Related for CVE-2015-1012