CVE-2014-5422 — HIGH (9.7) — White Hats Nepal

Vulnerability Description

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS Score

9.7

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:P

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Carefusion	Pyxis Supplystation	8.1

Related Weaknesses (CWE)

CWE-255

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01US Government Resource

FAQ

What is CVE-2014-5422?

CVE-2014-5422 is a vulnerability with a CVSS score of 9.7 (HIGH). CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.

How severe is CVE-2014-5422?

CVE-2014-5422 has been rated HIGH with a CVSS base score of 9.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-5422?

Check the references section above for vendor advisories and patch information. Affected products include: Carefusion Pyxis Supplystation.