从提供的图片和文档内容中,提取到关于漏洞的关键信息如下: 漏洞ID: ICSA-15-125-01 CVE编号: CVE-2015-3459 CWE编号: CWE-285 (Improper Authorization) 影响的产品: Hospira LifeCare PCA Infusion System <= 5.0 漏洞描述: The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication, which allows remote attackers to send commands directly to the PCA. CVSSv2评分: ,评分为10.0,表示这是一个高危漏洞。 修复建议: CISA recommends users take the following measures to minimize the risk of exploitation: - Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet. - Locate control system networks and remote devices behind firewalls and isolate them from the business network. - When remote access is required, use secure remote access technologies such as Virtual Private Networks (VPNs). - Perform proper impact analysis and risk assessment prior to deploying any solutions. - Implement recommended cybersecurity strategies for proactive defensive measures and mitigation. - Additional mitigation guidance and recommended practices are publicly available on the ICS website. 发布时间: 2015-02-05 历史记录: - Initial Publication: 2015-02-05 - Advisory converted into a CSAF: 2025-06-06 发布者: CISA 参考链接: - ICS Advisory ICSA-15-125-01 JSON - ICS Advisory ICSA-15-125-01 - Web Version - Recommended Practices (Multiple links provided by CISA)