How severe is CVE-2014-5406?

The severity of CVE-2014-5406 has not been assessed with CVSS v3.

CVE-2014-5406

NONE

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote

Publicado: 7/6/2015Atualizado: 11/3/2025

Descrição

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

Análise IADesenvolvido por IA

Produtos Afetados

hospiralifecare_pcainfusion_firmware

hospiralifecare_pca3

hospiralifecare_pca5

Referências

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
Third Party AdvisoryUS Government Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-125-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-15-125-01
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
Third Party AdvisoryUS Government Resource
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/