← Back

CVE-2015-3459

nvd nist
Published: Apr 29, 2015Modified: May 6, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

Affected (3)

Hospira
3 products
Lifecare Pcainfusion Firmware
Lifecare Pca3
Lifecare Pca5
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Lifecare Pcainfusion Firmware
Up to 5.0
Lifecare Pca3
All versions
Lifecare Pca5
All versions

Related CWEs

CWE-264
CWE-264

References (16)

Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: cve@mitre.org
Press/Media Coverage
Source: cve@mitre.org
Press/Media Coverage
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage

Timeline

No history available yet.