CVE-2015-3459
published 2015-04-29CVE-2015-3459: The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote…
PriorityP259critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.16%
91.4th percentile
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hospira | lifecare_pca_infusion_system | <= 5.0 | — |
| hospira | lifecare_pcainfusion_firmware | <= 5.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthorized file uploads or configuration changes pushed to the device over Port 23/TELNET, Port 80/HTTP, Port 443/HTTPS, or Port 5000/UPNP, which may indicate exploitation of the data authenticity vulnerability (CVE-2014-5406). ↗
- →Alert on any network traffic to/from Hospira LifeCare PCA Infusion System devices on port 23 (Telnet) originating from untrusted or external network segments. ↗
- →Use MD5 checksums on key device files to detect unauthorized modifications to drug libraries, software, or pump configuration. ↗
- →Detect presence of AppWeb version 1.0.2 on LifeCare PCA Infusion System Version 5 (prior to 5.07) as an indicator of a vulnerable and potentially exploitable web server. ↗
- →Exploits targeting some of these vulnerabilities are publicly available; monitor threat intelligence feeds for exploit code targeting Hospira LifeCare PCA devices. ↗
- ·The vulnerability (CVE-2015-3459) only affects LifeCare PCA Infusion System Version 5.0 and prior; Version 7.0 closes port 23/TELNET and port 20/FTP by default and is not affected. ↗
- ·Wireless keys are stored in plaintext on Version 5 of the device, expanding the attack surface beyond Telnet; Version 3 is not indicated for wireless use. ↗
- ·Hardcoded accounts exist on the device (CVE-2015-1011) and may be used in conjunction with the unauthenticated Telnet access described in CVE-2015-3459. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Hospira LifeCare PCA Infusion System Vulnerabilities
cisa_ics·2018-08-23
Hospira LifeCare PCA Infusion System Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hospira LifeCare PCA Infusion System Vulnerabilities
Last RevisedAugust 23, 2018
Alert CodeICSA-15-125-01
## OVERVIEW
Independent researcher Billy Rios has identified an improper authorization vulnerability and an insufficient verification of data authenticity vulnerability in Hospira’s LifeCare PCA Infusion System, which NCCIC/ICS-CERT has been coordinating with Hospira since May 2014. This advisory is being issued to provide notice of public disclosures of the identified vulnerabilities in the LifeCare PCA Infusion System. Hospira has developed a new version that mitigates the
CISA ICS
Hospira LifeCare PCA Infusion System Vulnerabilities (Update B)
cisa_ics·2015-05-13
Hospira LifeCare PCA Infusion System Vulnerabilities (Update B)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hospira LifeCare PCA Infusion System Vulnerabilities (Update B)
Last RevisedAugust 23, 2018
Alert CodeICSA-15-125-01B
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-15-125-01A Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 13, 2015, on the NCCIC/ICS-CERT web site.
## --------- Begin Update B Part 1 of 9 --------
Independent researcher Billy Rios has identified vulnerabilities in Hospira’s LifeCare PCA Infusion System, which ICS-CERT has been coordinating with Hospira since May 2014. Kyle Kamke of Ramparts, LLC
CISA ICS
Hospira LifeCare PCA Infusion System Vulnerabilities (Update A)
cisa_ics·2015-05-05
Hospira LifeCare PCA Infusion System Vulnerabilities (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hospira LifeCare PCA Infusion System Vulnerabilities (Update A)
Last RevisedAugust 23, 2018
Alert CodeICSA-15-125-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-15-125-01 Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 5, 2015, on the NCCIC/ICS-CERT web site.
Independent researcher Billy Rios has identified an improper authorization vulnerability and an insufficient verification of data authenticity vulnerability in Hospira’s LifeCare PCA Infusion System, which ICS-CERT has been coordinating with Hospira sin
GHSA
GHSA-vxf4-qh89-w2r6: The Hospira LifeCare PCA Infusion System before 7
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2014-5406 [CRITICAL] CWE-345 GHSA-vxf4-qh89-w2r6: The Hospira LifeCare PCA Infusion System before 7
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.
GHSA
GHSA-cc9x-rch9-9fff: The communication module on the Hospira LifeCare PCA Infusion System before 7
ghsa_unreviewed·2022-05-17
CVE-2015-3459 [HIGH] GHSA-cc9x-rch9-9fff: The communication module on the Hospira LifeCare PCA Infusion System before 7
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://hextechsecurity.com/?p=123http://imgur.com/CEAnZjjhttp://imgur.com/JHiWSqdhttp://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htmhttp://www.securityfocus.com/bid/74414https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01https://twitter.com/dyngnosis/status/592671049487142913https://twitter.com/dyngnosis/status/592743461977219072http://hextechsecurity.com/?p=123http://imgur.com/CEAnZjjhttp://imgur.com/JHiWSqdhttp://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htmhttp://www.securityfocus.com/bid/74414https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01https://twitter.com/dyngnosis/status/592671049487142913https://twitter.com/dyngnosis/status/592743461977219072
2015-04-29
Published