How severe is CVE-2014-5406?

The severity of CVE-2014-5406 has not been assessed with CVSS v3.

CVE-2014-5406

NONE

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote

Published: 7/6/2015Updated: 11/3/2025

Description

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

AI AnalysisPowered by AI

Affected Products

hospiralifecare_pcainfusion_firmware

hospiralifecare_pca3

hospiralifecare_pca5

References

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
Third Party AdvisoryUS Government Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-125-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-15-125-01
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
Third Party AdvisoryUS Government Resource
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/