CVE

Id
72703  
CVE No.
CVE-2014-5406  
Status
Candidate  
Description
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.  
Phase
Assigned (20140822)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
685454 72703 CVE-2014-5406 MISC:http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm  View
685455 72703 CVE-2014-5406 MISC:https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
19304 JVNDB-2014-008182 Beckhoff Embedded PC Images およびオートメーションデバイス仕様の TwinCAT コンポーネントにおけるアクセス権を取得される脆弱性 Beckhoff Embedded PC Images およびオートメーションデバイス仕様 (ADS) の TwinCAT コンポーネントは、認証の試行回数を制限しないため、アクセス権を取得される脆弱性が存在します。 CVE-2014-5414 72703 9.4 9.1 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-008182.html  View