CVE-2014-5400

Published: Apr 3, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.

Affected (1)

Products: Hospira: Mednet

Hospira

1 product

Mednet

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hospira Mednet	Up to 5.8

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-260

Password in Configuration File

The product stores a password in a configuration file that might be accessible to actors who do not know the password.

References (3)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json

Source: ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.