How severe is CVE-2014-5406?

The severity of CVE-2014-5406 has not been assessed with CVSS v3.

CVE-2014-5406

NONE

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote

Publicado: 7/6/2015Actualizado: 11/3/2025

Descripción

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

Análisis IAImpulsado por IA

Productos Afectados

hospiralifecare_pcainfusion_firmware

hospiralifecare_pca3

hospiralifecare_pca5

Referencias

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
Third Party AdvisoryUS Government Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-125-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-15-125-01
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
Third Party AdvisoryUS Government Resource
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/