← back
CVE-2015-3459

CVE-2015-3459

EPSS 5.2%
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://hextechsecurity.com/?p=123http://imgur.com/CEAnZjjhttp://imgur.com/JHiWSqdhttps://ics-cert.us-cert.gov/advisories/ICSA-15-125-01https://twitter.com/dyngnosis/status/592671049487142913https://twitter.com/dyngnosis/status/592743461977219072http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htmhttp://www.securityfocus.com/bid/74414