Lucene search

[email protected]CVE-2015-3459

HistoryApr 29, 2015 - 11:59 p.m.

CVE-2015-3459

2015-04-2923:59:00

CWE-264

[email protected]

web.nvd.nist.gov

hospira lifecare

pca infusion system

cve-2015-3459

authentication bypass

remote attack

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

Affected configurations

NVD

Node

hospiralifecare_pcainfusion_firmwareRange≤5.0

AND

hospiralifecare_pca3Match-

hospiralifecare_pca5Match-

CPENameOperatorVersion
hospira:lifecare_pcainfusion_firmwarehospira lifecare pcainfusion firmwarele5.0
hospira:lifecare_pca3hospira lifecare pca3eq-
hospira:lifecare_pca5hospira lifecare pca5eq-

CPE	Name	Operator	Version
hospira:lifecare_pcainfusion_firmware	hospira lifecare pcainfusion firmware	le	5.0
hospira:lifecare_pca3	hospira lifecare pca3	eq	-
hospira:lifecare_pca5	hospira lifecare pca5	eq	-

References

hextechsecurity.com/?p=123

imgur.com/CEAnZjj

imgur.com/JHiWSqd

www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm

www.securityfocus.com/bid/74414

ics-cert.us-cert.gov/advisories/ICSA-15-125-01

twitter.com/dyngnosis/status/592671049487142913

twitter.com/dyngnosis/status/592743461977219072

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2015-3459

threatpost1 cvelist2 prion2 nvd2 cve1 ics3