HIGH🇵🇱 Wersja polska

CVE-2015-3459

CVSS 10.0v2.0pub. 2015-04-29upd. 2026-05-06

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Hospira Lifecare Pca3

    HW
    Hospira
    wszystkie wersje
  • Hospira Lifecare Pca5

    HW
    Hospira
    wszystkie wersje
  • Hospira Lifecare Pcainfusion Firmware

    OS
    Hospira
    ≤ 5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2014-5406HIGH7.6ten sam produkt

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending ...

CVE-2015-3955HIGH10.0ten sam produkt

Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versio...

CVE-2015-3958HIGH7.8ten sam produkt

Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to ...

CVE-2015-1011MEDIUM5.0ten sam produkt

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote at...

CVE-2015-3957MEDIUM4.6ten sam produkt

Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified im...