Unrated severityNVD Advisory· Published Apr 29, 2015· Updated Jun 17, 2026
CVE-2015-3459
CVE-2015-3459
Description
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- cpe:2.3:h:hospira:lifecare_pca3:-:*:*:*:*:*:*:*
- cpe:2.3:h:hospira:lifecare_pca5:-:*:*:*:*:*:*:*
- cpe:2.3:o:hospira:lifecare_pcainfusion_firmware:*:*:*:*:*:*:*:*Range: <=5.0
- Range: <7.0
Patches
Vulnerability mechanics
References
8- www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htmnvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/74414nvdThird Party AdvisoryVDB Entry
- ics-cert.us-cert.gov/advisories/ICSA-15-125-01nvdThird Party AdvisoryUS Government Resource
- hextechsecurity.comnvdBroken Link
- imgur.com/CEAnZjjnvdNot Applicable
- imgur.com/JHiWSqdnvdNot Applicable
- twitter.com/dyngnosis/status/592671049487142913nvdPress/Media Coverage
- twitter.com/dyngnosis/status/592743461977219072nvdPress/Media Coverage
News mentions
0No linked articles in our index yet.