CVE-2014-5405

Hospira Mednet < 5.8 - Information Disclosure

Title source: rule

Description

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

References (3)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json

View Writeup ZIP pw:eip

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03

Scores

EPSS 0.0041

EPSS Percentile 61.4%

Details

CWE

CWE-200 CWE-259

Status published

Products (3)

hospira/mednet < 5.8

Hospira/MedNet < 5.8

Hospira/MedNet 6.1

Published Apr 03, 2015

Tracked Since Feb 18, 2026