Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Serious security flaws found in Hospira LifeCare drug pumps

Serious security flaws found in Hospira LifeCare drug pumps


Securityweek - (National) The U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published an advisory based on a Canadian researcher's findings that detailed several security issues in Hospira LifeCare PCA3 drug infusion pumps, including an improper authorization issue and insufficient verification of data authenticity which can be exploited by a remote attacker to upload drug libraries, configuration changes, and software updates. The company developed LifeCare PCA infusion system version 7.0 addressing the vulnerabilities, which is currently under review by the U.S. Food and Drug Administration.


Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at:

Last Updated: 27 May 2016 10:24:15