Vulnerabilities > CVE-2014-5421 - Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1

CVSS 6.8 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

PARTIAL

local

low complexity

carefusion

CWE-255

NVD

Published: 2014-10-19

Updated: 2014-10-22

Summary

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access.

Vulnerable Configurations

Part	Description	Count
Hardware	Carefusion Carefusion Pyxis Supplystation 8.1	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01