Sign-up

ID

VAR-201903-0645


CVE

CVE-2015-1012


TITLE

Hospira LifeCare PCA Infusion System Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2015-008246

DESCRIPTION

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. Hospira LifeCare PCA Infusion System Contains an information disclosure vulnerability.Information may be obtained. Attackers can exploit this issue to gain access to the sensitive information. Successful exploit may aid in other attacks

Trust: 1.98

sources: NVD: CVE-2015-1012 // JVNDB: JVNDB-2015-008246 // BID: 74687 // VULHUB: VHN-78972

AFFECTED PRODUCTS

vendor:pfizermodel:lifecare pca infusion systemscope:lteversion:5.0

Trust: 1.0

vendor:hospiramodel:lifecare pca infusion systemscope:eqversion:5

Trust: 0.8

sources: JVNDB: JVNDB-2015-008246 // NVD: CVE-2015-1012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1012
value: HIGH

Trust: 1.0

NVD: CVE-2015-1012
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201505-285
value: HIGH

Trust: 0.6

VULHUB: VHN-78972
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1012
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78972
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-1012
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-78972 // JVNDB: JVNDB-2015-008246 // CNNVD: CNNVD-201505-285 // NVD: CVE-2015-1012

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-312

Trust: 1.0

sources: VULHUB: VHN-78972 // JVNDB: JVNDB-2015-008246 // NVD: CVE-2015-1012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-285

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201505-285

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008246

PATCH
title:Top Pageurl:https://www.pfizerinjectables.com/
Trust: 0.8
title:Hospira Lifecare PCA Infusion Pump Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90841
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-008246 // 
            
            
            
            CNNVD: CNNVD-201505-285

EXTERNAL IDS
db:NVDid:CVE-2015-1012
Trust: 2.8
db:ICS CERTid:ICSA-15-125-01
Trust: 2.5
db:JVNDBid:JVNDB-2015-008246
Trust: 0.8
db:CNNVDid:CNNVD-201505-285
Trust: 0.7
db:BIDid:74687
Trust: 0.4
db:VULHUBid:VHN-78972
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78972 // 
            
            
            
            BID: 74687 // 
            
            
            
            JVNDB: JVNDB-2015-008246 // 
            
            
            
            CNNVD: CNNVD-201505-285 // 
            
            
            
            NVD: CVE-2015-1012

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-125-01
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2015-1012
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1012
Trust: 0.8
sources:
            
            
            VULHUB: VHN-78972 // 
            
            
            
            JVNDB: JVNDB-2015-008246 // 
            
            
            
            CNNVD: CNNVD-201505-285 // 
            
            
            
            NVD: CVE-2015-1012

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 74687

SOURCES
db:VULHUBid:VHN-78972
db:BIDid:74687
db:JVNDBid:JVNDB-2015-008246
db:CNNVDid:CNNVD-201505-285
db:NVDid:CVE-2015-1012

LAST UPDATE DATE
2024-11-23T21:54:55.898000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78972date:2019-10-09T00:00:00
db:BIDid:74687date:2015-07-15T00:29:00
db:JVNDBid:JVNDB-2015-008246date:2019-05-10T00:00:00
db:CNNVDid:CNNVD-201505-285date:2019-04-08T00:00:00
db:NVDid:CVE-2015-1012date:2024-11-21T02:24:29.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-78972date:2019-03-25T00:00:00
db:BIDid:74687date:2015-05-13T00:00:00
db:JVNDBid:JVNDB-2015-008246date:2019-05-10T00:00:00
db:CNNVDid:CNNVD-201505-285date:2015-05-18T00:00:00
db:NVDid:CVE-2015-1012date:2019-03-25T19:29:00.290