PT-2019-7164 · Hospira · Hospira Lifecare Pca Infusion System

Published

2019-03-25

Updated

2019-10-09

CVE-2015-1012

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Hospira LifeCare PCA Infusion System version 5

Description The issue concerns the storage of wireless keys in plain text. According to the information provided, version 3 of the system is not intended for wireless use and should not be modified for such purposes. Version 7.0 of the system has been developed to address the identified issues, including the closure of Port 20/FTP and Port 23/TELNET by default to prevent unauthorized access.

Recommendations For version 5 of the Hospira LifeCare PCA Infusion System, update to version 7.0 to address the identified vulnerabilities. For version 3 of the Hospira LifeCare PCA Infusion System, do not modify the system for wireless use in a clinical setting.

Fix

Cleartext Storage of Sensitive Information

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312CWE-200

Related Identifiers

CVE-2015-1012

Affected Products

Hospira Lifecare Pca Infusion System

PT-2019-7164 · Hospira · Hospira Lifecare Pca Infusion System

CVE-2015-1012

Weakness Enumeration

Related Identifiers

Affected Products

References · 2