Vulnerabilities > CVE-2014-5422 - Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1

CVSS 9.7 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

PARTIAL

network

low complexity

carefusion

CWE-255

critical

NVD

Published: 2014-10-19

Updated: 2014-10-22

Summary

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Hardware	Carefusion Carefusion Pyxis Supplystation 8.1	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01