cbcvebase.
CVE-2015-3459
published 2015-04-29

CVE-2015-3459: The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote…

PriorityP259critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.16%
91.4th percentile
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

Affected

2 ranges
VendorProductVersion rangeFixed in
hospiralifecare_pca_infusion_system<= 5.0
hospiralifecare_pcainfusion_firmware<= 5.0

Detection & IOCsextracted from sources · hover to see the quote

port80/HTTP
port443/HTTPS
port20/FTP
versionAppWeb 1.0.2
  • Monitor for unauthorized file uploads or configuration changes pushed to the device over Port 23/TELNET, Port 80/HTTP, Port 443/HTTPS, or Port 5000/UPNP, which may indicate exploitation of the data authenticity vulnerability (CVE-2014-5406).
  • Alert on any network traffic to/from Hospira LifeCare PCA Infusion System devices on port 23 (Telnet) originating from untrusted or external network segments.
  • Use MD5 checksums on key device files to detect unauthorized modifications to drug libraries, software, or pump configuration.
  • Detect presence of AppWeb version 1.0.2 on LifeCare PCA Infusion System Version 5 (prior to 5.07) as an indicator of a vulnerable and potentially exploitable web server.
  • Exploits targeting some of these vulnerabilities are publicly available; monitor threat intelligence feeds for exploit code targeting Hospira LifeCare PCA devices.
  • ·The vulnerability (CVE-2015-3459) only affects LifeCare PCA Infusion System Version 5.0 and prior; Version 7.0 closes port 23/TELNET and port 20/FTP by default and is not affected.
  • ·Wireless keys are stored in plaintext on Version 5 of the device, expanding the attack surface beyond Telnet; Version 3 is not indicated for wireless use.
  • ·Hardcoded accounts exist on the device (CVE-2015-1011) and may be used in conjunction with the unauthenticated Telnet access described in CVE-2015-3459.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.