Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2014-5401
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-26 Mar, 2019 | 16:21
Updated At-03 Nov, 2025 | 18:20
Rejected At-
▼CVE Numbering Authority (CNA)
Hospira MedNet Code Injection

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.

Affected Products
Vendor
Hospira
Product
MedNet
Default Status
unaffected
Versions
Affected
  • From 0 through 5.8 (custom)
Unaffected
  • 6.1
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94
Type: CWE
CWE ID: CWE-94
Description: CWE-94
Metrics
VersionBase scoreBase severityVector
2.010.0N/A
AV:N/AC:L/Au:N/C:C/I:C/A:C
Version: 2.0
Base score: 10.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Hospira has developed a new version of the MedNet software, MedNet 6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded passwords, hard-coded cryptographic keys, and no longer stores passwords in clear text. Existing versions of MedNet can be upgraded to MedNet 6.1. Hospira has produced mitigation recommendations that help mitigate the vulnerability in the vulnerable version of JBoss Enterprise Application Platform software, used in the MedNet software. This has been addressed by Hospira through issuance of the following knowledge based articles: Improving Security in Hospira MedNet 5.5 (August 2014) and Improving Security in Hospira MedNet 5.8 (August 2014). For additional information about Hospira’s new releases and mitigation recommendations, contact Hospira’s technical support at 1-800-241-4002.

Configurations
Workarounds
Exploits
Credits
finder
Billy Rios
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03
x_refsource_MISC
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03
Resource:
x_refsource_MISC
x_transferred
Details not found