Search criteria
12 vulnerabilities found for mednet by hospira
FKIE_CVE-2014-5401
Vulnerability from fkie_nvd - Published: 2019-03-26 17:29 - Updated: 2025-11-03 19:15
Severity ?
Summary
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hospira:mednet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "891CFD8D-5C12-4A8E-AEA1-928165D0B56B",
"versionEndIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1."
},
{
"lang": "es",
"value": "El software Hospira MedNet, en versiones 5.8 y anteriores, emplea versiones vulnerables del software JBoss Enterprise Application Platform que podr\u00edan permitir que usuarios no autenticados ejecuten c\u00f3digo arbitrario en el sistema objetivo. Hospira ha desarrollado una nueva versi\u00f3n del software de MedNet, la 6.1. Las versiones existentes de MedNet pueden actualizarse a MedNet 6.1."
}
],
"id": "CVE-2014-5401",
"lastModified": "2025-11-03T19:15:38.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T17:29:00.340",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-5405
Vulnerability from fkie_nvd - Published: 2015-04-03 10:59 - Updated: 2025-11-03 19:15
Severity ?
Summary
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hospira:mednet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "891CFD8D-5C12-4A8E-AEA1-928165D0B56B",
"versionEndIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password."
},
{
"lang": "es",
"value": "Hospira MedNet anterior a 6.1 utiliza una contrase\u00f1a en texto claro embebida para controlar la autorizaci\u00f3n de la base de datos SQL, lo que permite a usuarios remotos autenticados evadir las restricciones de acceso mediante el aprovechamiento del conocimiento de esta contrase\u00f1a."
}
],
"evaluatorImpact": "Per https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03:\n\n\u201cThe MedNet software contains plaintext storage of passwords for the SQL database that may allow an attacker to compromise the MedNet SQL server and gain administrative access to the workstation.\u201d\n\nBased on this information, the score has been adjusted. For additional information or questions please contact ICS-CERT (contact information available via advisory link).",
"id": "CVE-2014-5405",
"lastModified": "2025-11-03T19:15:38.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-03T10:59:02.290",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-5403
Vulnerability from fkie_nvd - Published: 2015-04-03 10:59 - Updated: 2025-11-03 19:15
Severity ?
Summary
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hospira:mednet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "891CFD8D-5C12-4A8E-AEA1-928165D0B56B",
"versionEndIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network."
},
{
"lang": "es",
"value": "Hospira MedNet anterior a 6.1 utiliza claves criptogr\u00e1ficas embebidas para la protecci\u00f3n de datos de transmisi\u00f3n provenientes de las bombas de infusi\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la captura de trafico de la red."
}
],
"id": "CVE-2014-5403",
"lastModified": "2025-11-03T19:15:38.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-03T10:59:01.227",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-321"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-5400
Vulnerability from fkie_nvd - Published: 2015-04-03 10:59 - Updated: 2025-11-03 19:15
Severity ?
Summary
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hospira:mednet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "891CFD8D-5C12-4A8E-AEA1-928165D0B56B",
"versionEndIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
},
{
"lang": "es",
"value": "El componente de instalaci\u00f3n en Hospira MedNet anterior a 6.1 coloca a las credenciales en texto claro en los ficheros de configuraci\u00f3n, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un fichero."
}
],
"id": "CVE-2014-5400",
"lastModified": "2025-11-03T19:15:37.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-03T10:59:00.070",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-260"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2014-5401 (GCVE-0-2014-5401)
Vulnerability from cvelistv5 – Published: 2019-03-26 16:21 – Updated: 2025-11-03 18:20
VLAI?
Title
Hospira MedNet Code Injection
Summary
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nHospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.\n\n\u003c/p\u003e"
}
],
"value": "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:20:04.649Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Code Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5401",
"datePublished": "2019-03-26T16:21:54",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-03T18:20:04.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5400 (GCVE-0-2014-5400)
Vulnerability from cvelistv5 – Published: 2015-04-03 10:00 – Updated: 2025-11-03 18:26
VLAI?
Title
Hospira MedNet Password in Configuration File
Summary
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.\u003c/p\u003e"
}
],
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:26:56.284Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Password in Configuration File",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5400",
"datePublished": "2015-04-03T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-03T18:26:56.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5403 (GCVE-0-2014-5403)
Vulnerability from cvelistv5 – Published: 2015-04-03 10:00 – Updated: 2025-11-03 18:22
VLAI?
Title
Hospira MedNet Use of Hard-coded Cryptographic Key
Summary
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nHospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.\n\n\u003c/p\u003e"
}
],
"value": "Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:22:39.434Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Use of Hard-coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5403",
"datePublished": "2015-04-03T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-03T18:22:39.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5405 (GCVE-0-2014-5405)
Vulnerability from cvelistv5 – Published: 2015-04-03 10:00 – Updated: 2025-11-03 18:25
VLAI?
Title
Hospira MedNet Use of Hard-coded Password
Summary
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\nHospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.\n\n\u003c/p\u003e"
}
],
"value": "Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:25:50.764Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Use of Hard-coded Password",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5405",
"datePublished": "2015-04-03T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-03T18:25:50.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5401 (GCVE-0-2014-5401)
Vulnerability from nvd – Published: 2019-03-26 16:21 – Updated: 2025-11-03 18:20
VLAI?
Title
Hospira MedNet Code Injection
Summary
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nHospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.\n\n\u003c/p\u003e"
}
],
"value": "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:20:04.649Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Code Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5401",
"datePublished": "2019-03-26T16:21:54",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-03T18:20:04.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5400 (GCVE-0-2014-5400)
Vulnerability from nvd – Published: 2015-04-03 10:00 – Updated: 2025-11-03 18:26
VLAI?
Title
Hospira MedNet Password in Configuration File
Summary
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.\u003c/p\u003e"
}
],
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:26:56.284Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Password in Configuration File",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5400",
"datePublished": "2015-04-03T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-03T18:26:56.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5403 (GCVE-0-2014-5403)
Vulnerability from nvd – Published: 2015-04-03 10:00 – Updated: 2025-11-03 18:22
VLAI?
Title
Hospira MedNet Use of Hard-coded Cryptographic Key
Summary
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nHospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.\n\n\u003c/p\u003e"
}
],
"value": "Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:22:39.434Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Use of Hard-coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5403",
"datePublished": "2015-04-03T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-03T18:22:39.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5405 (GCVE-0-2014-5405)
Vulnerability from nvd – Published: 2015-04-03 10:00 – Updated: 2025-11-03 18:25
VLAI?
Title
Hospira MedNet Use of Hard-coded Password
Summary
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\nHospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.\n\n\u003c/p\u003e"
}
],
"value": "Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:25:50.764Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Use of Hard-coded Password",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5405",
"datePublished": "2015-04-03T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-03T18:25:50.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}