CVE-2014-5401
Published 2019-03-26
Priority P2 · 65 · critical 9.8 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 5.01% (percentile 91.2)
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hospira | mednet | <= 5.8 | — |
Detection & IOCs (extracted from sources)
- CVE-2014-5401 targets vulnerable versions of JBoss Enterprise Application Platform bundled with Hospira MedNet ≤5.8; detect unauthenticated remote code execution attempts against the JBoss EAP endpoints exposed by MedNet servers.
- An attacker with a low skill level can exploit this remotely with no authentication required (CVSS v2 AV:N/AC:L/Au:N); monitor for unexpected unauthenticated connections to JBoss EAP management/HTTP ports on MedNet servers.
- Monitor MedNet servers for unauthorized modifications to medication libraries and pump configurations, which may indicate successful exploitation of CVE-2014-5401.
- Use checksums on key MedNet files to detect tampering resulting from code injection via the JBoss EAP vulnerability. The advisory specifies MD5; a collision-resistant hash such as SHA-256 is preferable for a tamper-detection baseline, and the baseline itself must be stored off the host so an attacker with code execution cannot rewrite it to match.
- No known public exploits specifically targeted CVE-2014-5401 at the time of advisory publication; the skill level needed to exploit it is rated low.
- Only MedNet software version 5.8 and prior are affected; MedNet 6.1 addresses the vulnerable JBoss EAP component.
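The file-tampering check recommended above, worked through as an added example (this is not Hospira or CISA code). It baselines a directory tree, stores the manifest as JSON, and reports modified, added and removed files. SHA-256 is the default rather than the MD5 the advisory names, with the algorithm left as a parameter so an existing MD5 manifest can still be verified. The directory layout and file names are constructed in a temporary directory to stand in for a MedNet/JBoss install; they are assumptions, not paths taken from the page.

```python
"""Baseline-and-verify integrity check for a MedNet install tree.

Added example, not Hospira or CISA code. Uses SHA-256 by default because MD5
is collision-prone; the algorithm is a parameter so an existing MD5 manifest
can still be checked. The tree below is constructed in a temp dir and stands
in for a real MedNet/JBoss install (assumed layout, not taken from the page).
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, algorithm: str = "sha256") -> str:
    """Stream the file through the digest so large WAR/JAR files fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, algorithm: str = "sha256") -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = hash_file(p, algorithm)
    return manifest


def verify(root: Path, baseline: dict, algorithm: str = "sha256") -> dict:
    """Diff the live tree against a stored baseline.

    Modified files point at code injected into existing artifacts; added files
    catch dropped web shells or new deployments; removed files catch deleted
    configuration. Any non-empty list is a finding to triage.
    """
    current = build_manifest(root, algorithm)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake install, tamper with it, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {  # constructed sample files, not real MedNet artifacts
            "server/deploy/mednet.war": b"original application archive",
            "server/conf/login-config.xml": b"<policy/>",
            "lib/mednet-core.jar": b"original library",
        }
        for rel, data in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)

        # Store the baseline as JSON. In practice keep this copy off the host
        # (read-only media or a separate system) so an attacker with code
        # execution on the MedNet server cannot rewrite it to match.
        baseline_json = json.dumps(build_manifest(root), indent=2, sort_keys=True)
        clean = verify(root, json.loads(baseline_json))

        # Simulate post-exploitation changes on the server.
        (root / "server/deploy/mednet.war").write_bytes(b"trojaned application archive")
        (root / "server/deploy/injected.jsp").write_bytes(b"<% /* constructed web shell stand-in */ %>")
        (root / "lib/mednet-core.jar").unlink()
        tampered = verify(root, json.loads(baseline_json))

    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the baseline once on a known-good install (ideally immediately after the upgrade to 6.1, or after a clean reinstall of 5.8 if the upgrade has to wait), then schedule `verify` from a separate host that mounts the install tree read-only; a verify run from the MedNet server itself trusts the very machine that may be compromised.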
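One way to act on the "monitor for unexpected unauthenticated connections to JBoss EAP management/HTTP ports" item above, as an added example that is not part of the page or of any Hospira or CISA material: scan the web tier's access log for requests to management and administration paths from hosts that are not expected to administer the server, and separate requests the server accepted (2xx/3xx) from those it challenged (401/403). The path prefixes are an assumption drawn from generic JBoss AS/EAP deployments, not from the page, and must be matched to what the MedNet host actually exposes; the log lines and the admin allowlist are constructed samples.

```python
"""Flag requests to JBoss management/administration paths in HTTP access logs.

Added example, not Hospira or CISA code. MANAGEMENT_PREFIXES is an assumption
based on generic JBoss AS/EAP deployments (tune to the actual MedNet host);
ADMIN_ALLOWLIST and SAMPLE_LOG are constructed samples in combined log format.
"""
import re

# Assumed management/admin surfaces of a JBoss-based deployment. Tune per host.
MANAGEMENT_PREFIXES = (
    "/jmx-console",
    "/web-console",
    "/admin-console",
    "/invoker/",
    "/management",
)

# Hosts expected to administer the server (constructed, e.g. a jump box).
ADMIN_ALLOWLIST = {"10.0.5.9"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample access log; addresses are from documentation ranges.
SAMPLE_LOG = """\
10.0.5.21 - - [01/Apr/2015:10:12:01 -0500] "GET /mednet/ HTTP/1.1" 200 5123
203.0.113.44 - - [01/Apr/2015:10:12:07 -0500] "GET /jmx-console/ HTTP/1.1" 200 8891
203.0.113.44 - - [01/Apr/2015:10:12:09 -0500] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 311
10.0.5.9 - - [01/Apr/2015:10:13:00 -0500] "GET /web-console/ HTTP/1.1" 401 0
198.51.100.7 - - [01/Apr/2015:10:14:42 -0500] "GET /admin-console/login.seam HTTP/1.1" 401 1207
garbage line that does not parse
"""


def parse_line(line: str):
    """Return the parsed fields of one combined-format line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def flag_management_requests(log_text: str, allowlist=ADMIN_ALLOWLIST) -> list:
    """Return one finding per request to a management path from a non-admin host.

    A 2xx/3xx status means the server served the request without a credential
    challenge, so the finding is marked 'succeeded'; a 401/403 still shows
    someone probing the admin surface and is marked 'attempted'.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the scan
        path = rec["path"].split("?", 1)[0].lower()
        if not path.startswith(MANAGEMENT_PREFIXES):
            continue
        if rec["ip"] in allowlist:
            continue
        findings.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "method": rec["method"],
            "path": rec["path"],
            "status": rec["status"],
            "outcome": "succeeded" if rec["status"] < 400 else "attempted",
        })
    return findings


if __name__ == "__main__":
    for f in flag_management_requests(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} {f['path']} -> {f['status']} ({f['outcome']})")
```

On the constructed sample this yields two "succeeded" findings from 203.0.113.44 and one "attempted" finding from 198.51.100.7; the allowlisted administrator's 401 is suppressed. The access log only covers the HTTP side: connections to a separate JBoss management port never appear in it, so that part of the bullet needs firewall or flow logs for the MedNet server rather than this script.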
CVSS provenance
NVD v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 10.0 (HIGH on the v2 scale, which has no CRITICAL band), AV:N/AC:L/Au:N/C:C/I:C/A:C
CISA ICS
Hospira MedNet Vulnerabilities (ICS Advisory ICSA-15-090-03)
Source record: cisa_ics · 2018-08-23 · CVSS 6.8 · MEDIUM · last revised August 23, 2018
Archived content: CISA marks this advisory as archived; it may not reflect current policy or programs.
## OVERVIEW
Independent researcher Billy Rios has identified four vulnerabilities in Hospira's MedNet server software. Hospira has released a new version of the MedNet software and provided mitigation recommendations for the reported vulnerabilities.
Three of the four vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following MedNet software versions are affected:
- MedNet software Version 5.8 and prior versions.
## IMPACT
Exploitation of these vulnerabilities
GHSA
GHSA-8845-p3hj-8543 (ghsa_unreviewed · 2022-05-13): CVE-2014-5401, CRITICAL, CWE-94
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.