CVE-2014-5400
published 2015-04-03CVE-2014-5400: The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive…
PriorityP44low2.1CVSS 2.0
AVLACLAuNCPINAN
EPSS
0.33%
24.6th percentile
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hospira | mednet | <= 5.8 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Hospira MedNet Vulnerabilities
cisa_ics·2018-08-23·CVSS 6.8
[MEDIUM] Hospira MedNet Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hospira MedNet Vulnerabilities
Last RevisedAugust 23, 2018
Alert CodeICSA-15-090-03
## OVERVIEW
Independent researcher Billy Rios has identified four vulnerabilities in Hospira’s MedNet server software. Hospira has released a new version of the MedNet software and provided mitigation recommendations that mitigate the reported vulnerabilities.
Three of the four vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following MedNet software versions are affected:
- MedNet software Version 5.8 and prior versions.
## IMPACT
Exploitation of these vulnerabilities
GHSA
GHSA-cxhq-365x-27h7: The installation component in Hospira MedNet before 6
ghsa_unreviewed·2022-05-17
CVE-2014-5400 [LOW] CWE-200 GHSA-cxhq-365x-27h7: The installation component in Hospira MedNet before 6
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-04-03
Published