CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5406

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.8%

CVSS Severity

CVSS v2 Score 9.3

References

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/

Products affected by CVE-2014-5406

Hospira » Lifecare Pca3 » Version: N/A

cpe:2.3:h:hospira:lifecare_pca3:-
Hospira » Lifecare Pca5 » Version: N/A

cpe:2.3:h:hospira:lifecare_pca5:-
Hospira » Lifecare Pcainfusion Firmware » Version: 5.0

cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5406

Products

Pricing

Contact Us