PT-2016-1115 · Hospira · Plum A+3 Infusion System+3

Jeremy Richards

Published

2016-01-22

Updated

2016-02-09

CVE-2015-7909

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Hospira Communication Engine versions prior to 1.2 LifeCare PCA Infusion System version 5.07 Plum A+ Infusion System version 13.40 Plum A+3 Infusion System version 13.40

Description The issue is caused by a stack-based buffer overflow in the Hospira Communication Engine, allowing remote attackers to cause a denial of service or possibly have other impacts via traffic on TCP port 5000.

Recommendations For Hospira Communication Engine versions prior to 1.2, update to version 1.2 or later. For LifeCare PCA Infusion System version 5.07, restrict access to TCP port 5000 until a patch is available. For Plum A+ Infusion System version 13.40, restrict access to TCP port 5000 until a patch is available. For Plum A+3 Infusion System version 13.40, restrict access to TCP port 5000 until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2016-00360

CVE-2015-7909

Affected Products

Hospira Communication Engine

Lifecare Pca Infusion System

Plum A+ Infusion System

Plum A+3 Infusion System

PT-2016-1115 · Hospira · Plum A+3 Infusion System+3

CVE-2015-7909

Weakness Enumeration

Related Identifiers

Affected Products

References · 3