CVE-2015-3459 Information

Description

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions which allows remote attackers to modify the pump configuration via unspecified commands.

Reference

http://hextechsecurity.com/?p=123 http://imgur.com/CEAnZjj http://imgur.com/JHiWSqd http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm http://www.securityfocus.com/bid/74414 https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01 https://twitter.com/dyngnosis/status/592671049487142913 https://twitter.com/dyngnosis/status/592743461977219072