CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-5405

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile35.99th
Published2015年4月3日
Last Modified2026年5月6日

Vulnerability Description

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

Affected Platforms (CPE)

📦
Hospira

Mednet

<= 5.8

References & Advisories

🔗 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json
🔗 https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03
🔗 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03

相关漏洞威胁

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2014-54006.8

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local us...

CVE-2014-54036.8

Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...