CVE-2014-5406

Summary

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

Affected Software

VendorProductVersion RangeStatus
HospiraLifeCare PCA Infusion System0 <= 5.0affected
HospiraLifeCare PCA Infusion System7.0unaffected

Weaknesses

  • CWE-345: CWE-345

ADP Enrichment

CVE Program Container

Additional References

References