CVE-2015-3459
N/A
N/A
Summary
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
- http://imgur.com/JHiWSqd
- http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
- https://twitter.com/dyngnosis/status/592671049487142913
- http://hextechsecurity.com/?p=123
- https://twitter.com/dyngnosis/status/592743461977219072
- http://imgur.com/CEAnZjj
- http://www.securityfocus.com/bid/74414
References
- https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
- http://imgur.com/JHiWSqd
- http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
- https://twitter.com/dyngnosis/status/592671049487142913
- http://hextechsecurity.com/?p=123
- https://twitter.com/dyngnosis/status/592743461977219072
- http://imgur.com/CEAnZjj
- http://www.securityfocus.com/bid/74414
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.