CVE-2015-1012

CVE-2015-1012

Vendor Hospira
Product LifeCare PCA Infusion System
Weakness CWE-312 · Cleartext storage
Published March 25, 2019
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.

Key dates

02Disclosure timeline

March 25, 2019 CVE published
August 6, 2024 Record updated