CVE-2014-5405

Hospira MedNet < 5.8 and >= 6.1 - Authenticated Exposure of Sensitive Information via Hardcoded SQL Password

Title source: llm

Description

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03

Various Sources

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json

View Writeup ZIP pw:eip

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03

Scores

EPSS 0.0237

EPSS Percentile 81.6%

Details

CWE

CWE-200 CWE-259

Status published

Products (3)

hospira/mednet < 5.8

Hospira/MedNet < 5.8

Hospira/MedNet 6.1

Published Apr 03, 2015

Tracked Since Feb 18, 2026