Current Description

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

Evaluator Description

Per “The MedNet software contains plaintext storage of passwords for the SQL database that may allow an attacker to compromise the MedNet SQL server and gain administrative access to the workstation.” Based on this information, the score has been adjusted. For additional information or questions please contact ICS-CERT (contact information available via advisory link).

Basic Data

Published: April 03, 2015
Last Modified: July 24, 2015
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.0
Exploitability Score: 8.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.


  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding

Vulnerable Software List

Hospira Mednet *


Name | Source | URL | Tags
Party Advisory US Government Resource