NVD

Id
33084  
Name
CVE-2014-5406  
Description
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2015-07-06  
Modified Date
2015-07-08  
Seq
2014-5406  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
173552 33084 CVE-2014-5406 http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm  View
173553 33084 CVE-2014-5406 https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01  View
173554 33084 CVE-2014-5406 https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
19215 JVNDB-2014-008092 Hospira LifeCare PCA Infusion System における設定を変更される脆弱性 The Hospira LifeCare PCA Infusion System は、(1) 薬品のライブラリ、(2) ソフトウェアのアップデート、または (3) 設定の変更の送信に関連付けられたネットワークトラフィックを検証しないため、設定または投薬データを変更される脆弱性が存在します。 CVE-2014-5406 72695 CVE-2014-5406 33084 9.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-008092.html 2014-08-22 2015-07-09 View