Описание
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-3459
- https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
- https://twitter.com/dyngnosis/status/592671049487142913
- https://twitter.com/dyngnosis/status/592743461977219072
- http://hextechsecurity.com/?p=123
- http://imgur.com/CEAnZjj
- http://imgur.com/JHiWSqd
- http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
- http://www.securityfocus.com/bid/74414
EPSS
CVE ID
Связанные уязвимости
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
Уязвимость микропрограммного обеспечения медицинского аппарата Hospira Lifecare PCA, позволяющая нарушителю получить контроль над устройством
EPSS