CVE-2015-1012
25.03.2019, 19:29
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.Enginsight
| Vendor | Product | Version |
|---|---|---|
| pfizer | lifecare_pca_infusion_system_firmware | 𝑥 ≤ 5.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.