The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
http://www.securityfocus.com/bid/74414
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
https://twitter.com/dyngnosis/status/592743461977219072
https://twitter.com/dyngnosis/status/592671049487142913
http://imgur.com/JHiWSqd
http://imgur.com/CEAnZjj
Source: Mitre, NVD
Published: 2015-04-29
Updated: 2026-06-17
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.05162