HIGH🇬🇧 English

CVE-2015-3459

CVSS 10.0v2.0pub. 2015-04-29upd. 2026-05-06

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Hospira Lifecare Pca3

    HW
    Hospira
    wszystkie wersje
  • Hospira Lifecare Pca5

    HW
    Hospira
    wszystkie wersje
  • Hospira Lifecare Pcainfusion Firmware

    OS
    Hospira
    ≤ 5.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2014-5406HIGH7.6ten sam produkt

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending ...

CVE-2015-3955HIGH10.0ten sam produkt

Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versio...

CVE-2015-3958HIGH7.8ten sam produkt

Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to ...

CVE-2015-1011MEDIUM5.0ten sam produkt

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote at...

CVE-2015-3957MEDIUM4.6ten sam produkt

Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified im...