CVE-2014-5403

Published: Apr 3, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected (1)

Products: Hospira: Mednet

Hospira

1 product

Mednet

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hospira Mednet	Up to 5.8

Related CWEs

CWE-310

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References (3)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json

Source: ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.