Sign-up

ID

VAR-201507-0060


CVE

CVE-2015-1011


TITLE

Hospira LifeCare PCA Infusion System Vulnerabilities that gain access

Trust: 0.8

sources: JVNDB: JVNDB-2015-003461

DESCRIPTION

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Hospira LifeCare PCA Infusion System Contains hard-coded authentication information, so there is a vulnerability that can gain access.Access may be obtained by a third party. Hospira Lifecare PCA Infusion Pump is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States

Trust: 1.98

sources: NVD: CVE-2015-1011 // JVNDB: JVNDB-2015-003461 // BID: 74684 // VULHUB: VHN-78971

AFFECTED PRODUCTS

vendor:hospiramodel:lifecare pcainfusionscope:lteversion:5.0

Trust: 1.0

vendor:hospiramodel:lifecare pca infusion systemscope:ltversion:7.0

Trust: 0.8

vendor:hospiramodel:lifecare pca3scope: - version: -

Trust: 0.8

vendor:hospiramodel:lifecare pca5scope: - version: -

Trust: 0.8

vendor:hospiramodel:lifecare pcainfusionscope:eqversion:5.0

Trust: 0.6

sources: JVNDB: JVNDB-2015-003461 // CNNVD: CNNVD-201505-286 // NVD: CVE-2015-1011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1011
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1011
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-286
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78971
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1011
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78971
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78971 // JVNDB: JVNDB-2015-003461 // CNNVD: CNNVD-201505-286 // NVD: CVE-2015-1011

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-78971 // JVNDB: JVNDB-2015-003461 // NVD: CVE-2015-1011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-286

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201505-286

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003461

PATCH
title:LifeCare PCA Infusion Systemurl:http://www.hospira.com/en/products_and_services/infusion_pumps/Lifecare/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003461

EXTERNAL IDS
db:NVDid:CVE-2015-1011
Trust: 2.8
db:ICS CERTid:ICSA-15-125-01A
Trust: 1.7
db:BIDid:74684
Trust: 1.0
db:ICS CERTid:ICSA-15-125-01B
Trust: 0.8
db:JVNDBid:JVNDB-2015-003461
Trust: 0.8
db:CNNVDid:CNNVD-201505-286
Trust: 0.7
db:VULHUBid:VHN-78971
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78971 // 
            
            
            
            BID: 74684 // 
            
            
            
            JVNDB: JVNDB-2015-003461 // 
            
            
            
            CNNVD: CNNVD-201505-286 // 
            
            
            
            NVD: CVE-2015-1011

REFERENCES
url:http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm
Trust: 2.5
url:https://ics-cert.us-cert.gov/advisories/icsa-15-125-01a
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1011
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1011
Trust: 0.8
url:http://www.securityfocus.com/bid/74684
Trust: 0.6
sources:
            
            
            VULHUB: VHN-78971 // 
            
            
            
            JVNDB: JVNDB-2015-003461 // 
            
            
            
            CNNVD: CNNVD-201505-286 // 
            
            
            
            NVD: CVE-2015-1011

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 74684

SOURCES
db:VULHUBid:VHN-78971
db:BIDid:74684
db:JVNDBid:JVNDB-2015-003461
db:CNNVDid:CNNVD-201505-286
db:NVDid:CVE-2015-1011

LAST UPDATE DATE
2025-04-12T22:59:17.328000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78971date:2015-07-08T00:00:00
db:BIDid:74684date:2015-07-15T00:29:00
db:JVNDBid:JVNDB-2015-003461date:2015-07-09T00:00:00
db:CNNVDid:CNNVD-201505-286date:2015-07-07T00:00:00
db:NVDid:CVE-2015-1011date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78971date:2015-07-06T00:00:00
db:BIDid:74684date:2015-05-13T00:00:00
db:JVNDBid:JVNDB-2015-003461date:2015-07-09T00:00:00
db:CNNVDid:CNNVD-201505-286date:2015-05-18T00:00:00
db:NVDid:CVE-2015-1011date:2015-07-06T19:59:01.677