← Back to home
ICSA-15-132-01  ·  Published 2025-06-06  ·  View on CISA ICS-CERT ↗

Hospira LifeCare PCA Infusion System Vulnerabilities

CVSS 7.5 HIGH

CVEs (1)

Remediations

  • CS-CERT has been working with Hospira since May 2014 to address the vulnerabilities in the LifeCare PCA Infusion System. Hospira has developed a new version of the PCS Infusion System, Version 7.0 that addresses the identified vulnerabilities. According to Hospira, Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. Existing PCA Infusion Systems running Version 5.0 can be upgraded to Version 7.0 when it becomes available. Hospira’s Version 7.0 is being reviewed by the FDA prior to its release. The release date for Version 7.0 of the LifeCare PCA Infusion System has not been determined. For additional information about Hospira’s new release, contact Hospira’s technical support at 1‑800-241-4002. ICS-CERT encourages asset owners to take defensive measures to protect against this and other cybersecurity risks.

Affected Vendors

Hospira

Affected Products (1)

Hospira · LifeCare PCA Infusion System <=5.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more