CVE-2015-3459

Name of the Vulnerable Software and Affected Versions Hospira LifeCare PCA Infusion System versions prior to 7.0

Description The issue concerns the lack of authentication for Telnet sessions on the communication module of the affected device. This allows a remote attacker to gain control over the device by exploiting the absence of authentication on port 23, specifically for root Telnet sessions. The attacker can modify the pump configuration using unspecified commands.

Recommendations For versions prior to 7.0, consider disabling the Telnet protocol or restricting access to port 23 until a patch is available. As a temporary workaround, limit network access to the device to minimize the risk of exploitation.