CVE-2014-5406

CVE-2014-5406: Hospira LifeCare PCA Infusion System

Vendor Hospira
Product LifeCare PCA Infusion System
Weakness CWE-345
Published July 6, 2015
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.

Key dates

02Disclosure timeline

July 6, 2015 CVE published
November 3, 2025 Record updated