CVE-2015-1012
Published 2019-03-25
Priority P3 · 41 · high · 7.5 (CVSS 3.0)
AV:N AC:L PR:N UI:N S:U C:H I:N A:N
EPSS: 0.77% (51.0th percentile)
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hospira | lifecare_pca_infusion_system | <= 5.0 | — |
| pfizer | lifecare_pca_infusion_system_firmware | <= 5.0 | — |
CVSS provenance
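| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |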
CISA ICS
Hospira LifeCare PCA Infusion System Vulnerabilities (Update B)
cisa_ics·2015-05-13
ICS Advisory
Last Revised: August 23, 2018
Alert Code: ICSA-15-125-01B
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-15-125-01A Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 13, 2015, on the NCCIC/ICS-CERT web site.
--------- Begin Update B Part 1 of 9 --------
Independent researcher Billy Rios has identified vulnerabilities in Hospira’s LifeCare PCA Infusion System, which ICS-CERT has been coordinating with Hospira since May 2014. Kyle Kamke of Ramparts, LLC
CISA ICS
Hospira LifeCare PCA Infusion System Vulnerabilities (Update A)
cisa_ics·2015-05-05
ICS Advisory
Last Revised: August 23, 2018
Alert Code: ICSA-15-125-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-15-125-01 Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 5, 2015, on the NCCIC/ICS-CERT web site.
Independent researcher Billy Rios has identified an improper authorization vulnerability and an insufficient verification of data authenticity vulnerability in Hospira’s LifeCare PCA Infusion System, which ICS-CERT has been coordinating with Hospira sin
GHSA
GHSA-82mj-h4mj-5q4v: Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System
ghsa_unreviewed·2022-05-13
CVE-2015-1012 [HIGH] CWE-200 GHSA-82mj-h4mj-5q4v: Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System
No detection rules found.
Exploit-DB
SwitchVPN for macOS 2.1012.03 - Privilege Escalation
exploitdb·2018-11-14·CVSS 7.8
CVE-2018-18860 [HIGH] SwitchVPN for macOS 2.1012.03 - Privilege Escalation
---
Title: Privilege Escalation Vulnerability
Product: SwitchVPN for MacOS
Vulnerable version: 2.1012.03
CVE ID: CVE-2018-18860
Impact: Critical
Homepage: https://switchvpn.net/
Identified: 2018-09-29
By: Bernd Leitner (bernd.leitner [at] gmail dot com)
Vendor description:
"By 2015 we were frustrated that the free internet we loved was under threat. As experts in online security we believed we could solve this problem. So we came together as a team to make SwitchVPN, a simple and powerful app to keep the internet free. SwitchVPN is simple. Install it on your phone, tablet or laptop, then just switch it on to keep the internet free. SwitchVPN is powerful. Our exclusive VPN Service technology is constantly being upgraded by a dedicated
Exploit-DB
Malwarebytes Anti-Exploit 1.03.1.1220/1.04.1.1012 - Out-of-Bounds Read Denial of Service
exploitdb·2015-01-20·CVSS 2.1
CVE-2014-100039 [LOW] Malwarebytes Anti-Exploit 1.03.1.1220/1.04.1.1012 - Out-of-Bounds Read Denial of Service
---
/*
Exploit Title - MalwareBytes Anti-Exploit Out-of-bounds Read DoS
Date - 19th January 2015
Discovered by - Parvez Anwar (@parvezghh)
Vendor Homepage - https://www.malwarebytes.org
Tested Version - 1.03.1.1220, 1.04.1.1012
Driver Version - no version set - mbae.sys
Tested on OS - 32bit Windows XP SP3 and Windows 7 SP1
OSVDB - http://www.osvdb.org/show/osvdb/114249
CVE ID - CVE-2014-100039
Vendor fix url - https://forums.malwarebytes.org/index.php?/topic/158251-malwarebytes-anti-exploit-hall-of-fame/
Fixed version - 1.05
Fixed driver ver - no version set
*/
#include <stdio.h>
#include <windows.h>
#define BUFSIZE 25
int main(int argc, char *argv[])
{
HANDLE hDevice;
char devhandle[MAX_PATH];
DWORD dwRetBytes = 0