Hospira Lifecare Pca Infusion System vulnerabilities
3 known vulnerabilities affecting hospira/lifecare_pca_infusion_system.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2014-5406P3CRITICALCVSS 9.3≤ 5.02015-07-06
CVE-2014-5406 [CRITICAL] CWE-345 CVE-2014-5406: The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated wit
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CV
nvd
CVE-2015-1012P3HIGHCVSS 7.5≤ 5.02019-03-25
CVE-2015-1012 [HIGH] CWE-312 CVE-2015-1012: Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. Acc
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new
nvd
CVE-2015-7909P3HIGHCVSS 7.3v5.0.72016-01-22
CVE-2015-7909 [HIGH] CWE-119 CVE-2015-7909: Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion
Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.
nvd