Описание
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
Ссылки
- Broken Link
- Not Applicable
- Not Applicable
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Press/Media Coverage
- Press/Media Coverage
- Broken Link
- Not Applicable
- Not Applicable
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Press/Media Coverage
- Press/Media Coverage
Уязвимые конфигурации
Конфигурация 1Версия до 5.0 (включая)
Одновременно
cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*
cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.17736
Средний
10 Critical
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
fstec
почти 11 лет назад
Уязвимость микропрограммного обеспечения медицинского аппарата Hospira Lifecare PCA, позволяющая нарушителю получить контроль над устройством
EPSS
Процентиль: 95%
0.17736
Средний
10 Critical
CVSS2
Дефекты
CWE-264