VYPR
Unrated severityNVD Advisory· Published Jul 6, 2015· Updated Jun 17, 2026

CVE-2014-5406

CVE-2014-5406

Description

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*range: <=5.0
    • (no CPE)range: <7.0
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.