CyberSec.Space Logo
Back to CVE Browser

CVE-2014-5405

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile35.99th
PublishedApr 3, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

Affected Platforms (CPE)

๐Ÿ“ฆ
Hospira

Mednet

<= 5.8

References & Advisories

๐Ÿ”— https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json
๐Ÿ”— https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03
๐Ÿ”— https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03

Related Vulnerabilities

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2014-54006.8

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local us...

CVE-2014-54036.8

Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...