PT-2016-1115 · Hospira · Plum A+3 Infusion System+3

Jeremy Richards

Publicado

2016-01-22

Atualizado

2016-02-09

CVE-2015-7909

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Hospira Communication Engine versions prior to 1.2 LifeCare PCA Infusion System version 5.07 Plum A+ Infusion System version 13.40 Plum A+3 Infusion System version 13.40

Description The issue is caused by a stack-based buffer overflow in the Hospira Communication Engine, allowing remote attackers to cause a denial of service or possibly have other impacts via traffic on TCP port 5000.

Recommendations For Hospira Communication Engine versions prior to 1.2, update to version 1.2 or later. For LifeCare PCA Infusion System version 5.07, restrict access to TCP port 5000 until a patch is available. For Plum A+ Infusion System version 13.40, restrict access to TCP port 5000 until a patch is available. For Plum A+3 Infusion System version 13.40, restrict access to TCP port 5000 until a patch is available.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2016-00360

CVE-2015-7909

Produtos afetados

Hospira Communication Engine

Lifecare Pca Infusion System

Plum A+ Infusion System

Plum A+3 Infusion System

PT-2016-1115 · Hospira · Plum A+3 Infusion System+3

CVE-2015-7909

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3