Skip to main content

Lifecare Pcainfusion Firmware

6 CVEs product

Monthly

CVE-2015-3958 HIGH This Week

Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lifecare Pcainfusion Firmware
NVD
CVSS 2.0
7.8
EPSS
2.0%
CVE-2015-3957 MEDIUM This Month

Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Lifecare Pcainfusion Firmware Lifecare Pca3 Lifecare Pca5
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3955 CRITICAL Act Now

Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.4% and no vendor patch available.

RCE Buffer Overflow Lifecare Pcainfusion Firmware
NVD
CVSS 2.0
10.0
EPSS
14.4%
CVE-2015-1011 MEDIUM This Month

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lifecare Pcainfusion Firmware
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-5406 HIGH This Week

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Lifecare Pcainfusion Firmware
NVD GitHub
CVSS 2.0
7.6
EPSS
0.5%
CVE-2015-3459 CRITICAL Act Now

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.7% and no vendor patch available.

Privilege Escalation Lifecare Pcainfusion Firmware Lifecare Pca3 Lifecare Pca5
NVD
CVSS 2.0
10.0
EPSS
17.7%
EPSS 2% CVSS 7.8
HIGH This Week

Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lifecare Pcainfusion Firmware
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Lifecare Pcainfusion Firmware Lifecare Pca3 +1
NVD
EPSS 14% CVSS 10.0
CRITICAL Act Now

Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.4% and no vendor patch available.

RCE Buffer Overflow Lifecare Pcainfusion Firmware
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lifecare Pcainfusion Firmware
NVD
EPSS 1% CVSS 7.6
HIGH This Week

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Lifecare Pcainfusion Firmware
NVD GitHub
EPSS 18% CVSS 10.0
CRITICAL Act Now

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.7% and no vendor patch available.

Privilege Escalation Lifecare Pcainfusion Firmware Lifecare Pca3 +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy