← Back to home
ICSA-15-090-03  ·  Published 2025-06-06  ·  View on CISA ICS-CERT ↗

Hospira MedNet Vulnerabilitie

CVSS 9.8 CRITICAL

CVEs (1)

Remediations

  • Hospira has developed a new version of the MedNet software, MedNet 6.1
  • Hospira reports that MedNet 6.1 no longer uses hard-coded passwords, hard-coded cryptographic keys, and no longer stores passwords in clear text
  • Existing versions of MedNet can be upgraded to MedNet 6.1
  • Hospira has produced mitigation recommendations that help mitigate the vulnerability in the vulnerable version of JBoss Enterprise Application Platform software, used in the MedNet software
  • This has been addressed by Hospira through issuance of the following knowledge based articles: Improving Security in Hospira MedNet 5.5 (August 2014) and Improving Security in Hospira MedNet 5.8 (August 2014)
  • For additional information about Hospira’s new releases and mitigation recommendations, contact Hospira’s technical support at 1-800-241-4002.

Affected Vendors

Hospira

Affected Products (1)

Hospira · MedNet <=5.8

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more