CVE-2015-3459

Medienbericht

EPSS 17.74%
Veröffentlicht 29.04.2015 23:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hospira ≫ Lifecare Pcainfusion Firmware Version <= 5.0

Hospira ≫ Lifecare Pca3 Version-

Hospira ≫ Lifecare Pca5 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.74%	0.949

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://hextechsecurity.com/?p=123

Broken Link

http://imgur.com/CEAnZjj

Not Applicable

http://imgur.com/JHiWSqd

Not Applicable

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/74414

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01

Third Party Advisory

US Government Resource

https://twitter.com/dyngnosis/status/592671049487142913

Press/Media Coverage

https://twitter.com/dyngnosis/status/592743461977219072

Press/Media Coverage

https://nvd.nist.gov/vuln/detail/CVE-2015-3459

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3459

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3459

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-3459