CVE-2014-5403
published 2015-04-03CVE-2014-5403: Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain…
PriorityP423medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.78%
75.5th percentile
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hospira | mednet | <= 5.8 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Hospira MedNet Vulnerabilities
cisa_ics·2018-08-23·CVSS 6.8
[MEDIUM] Hospira MedNet Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hospira MedNet Vulnerabilities
Last RevisedAugust 23, 2018
Alert CodeICSA-15-090-03
## OVERVIEW
Independent researcher Billy Rios has identified four vulnerabilities in Hospira’s MedNet server software. Hospira has released a new version of the MedNet software and provided mitigation recommendations that mitigate the reported vulnerabilities.
Three of the four vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following MedNet software versions are affected:
- MedNet software Version 5.8 and prior versions.
## IMPACT
Exploitation of these vulnerabilities
GHSA
GHSA-7fj9-wg8v-v4f2: Hospira MedNet before 6
ghsa_unreviewed·2022-05-17
CVE-2014-5403 [MEDIUM] CWE-321 GHSA-7fj9-wg8v-v4f2: Hospira MedNet before 6
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-04-03
Published