Unrated severityNVD Advisory· Published Jul 6, 2015· Updated May 6, 2026

CVE-2014-5406

Description

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

Affected products

Hospira/LifeCare PCA Infusion Systemv5
Range: 0
Hospira/Lifecare Pcainfusion Firmware
cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*
Range: <=5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htmnvdThird Party AdvisoryUS Government Resource
ics-cert.us-cert.gov/advisories/ICSA-15-125-01nvdThird Party AdvisoryUS Government Resource
github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-125-01.jsonnvd
www.cisa.gov/news-events/ics-advisories/icsa-15-125-01nvd
xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000