- Description
- The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EF8A9BC-9349-4A57-A7B7-63640A066189",
"versionEndIncluding": "5.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86AC1C1C-D9FC-4EEE-B1A6-CEB03351EA58"
},
{
"criteria": "cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3551213-7D88-43AC-B56A-50F063884258"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]