How severe is CVE-2014-5406?

The severity of CVE-2014-5406 has not been assessed with CVSS v3.

CVE-2014-5406

NONE

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote

Veröffentlicht: 7/6/2015Aktualisiert: 11/3/2025

Beschreibung

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

KI-AnalyseKI-gestützt

Betroffene Produkte

hospiralifecare_pcainfusion_firmware

hospiralifecare_pca3

hospiralifecare_pca5

Referenzen

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
Third Party AdvisoryUS Government Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-125-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-15-125-01
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
Third Party AdvisoryUS Government Resource
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/