← Voltar para CVEs
CVE-2014-5406
N/ADescricao
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado7/6/2015
Ultima modificacao11/3/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
hospira:lifecare_pca3hospira:lifecare_pca5hospira:lifecare_pcainfusion_firmware
Fraquezas (CWE)
CWE-345CWE-345
Referencias
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm(ics-cert@hq.dhs.gov)
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-125-01.json(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-15-125-01(ics-cert@hq.dhs.gov)
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/(ics-cert@hq.dhs.gov)
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01(af854a3a-2127-422b-91ae-364da2661108)
https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.