Jeremy Richards

**Name of the Vulnerable Software and Affected Versions** Hospira Communication Engine versions prior to 1.2 LifeCare PCA Infusion System version 5.07 Plum A+ Infusion System version 13.40 Plum A+3 Infusion System version 13.40 **Description** The issue is caused by a stack-based buffer overflow in the Hospira Communication Engine, allowing remote attackers to cause a denial of service or possibly have other impacts via traffic on TCP port 5000. **Recommendations** For Hospira Communication Engine versions prior to 1.2, update to version 1.2 or later. For LifeCare PCA Infusion System version 5.07, restrict access to TCP port 5000 until a patch is available. For Plum A+ Infusion System version 13.40, restrict access to TCP port 5000 until a patch is available. For Plum A+3 Infusion System version 13.40, restrict access to TCP port 5000 until a patch is available.