CVE-2015-7909

Published: Jan 22, 2016Modified: May 6, 2026

7.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: NVD

Description

Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.

Affected (2)

Products: Hospira: Communication Engine, Lifecare Pca Infusion System

2 products

Communication Engine

Lifecare Pca Infusion System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hospira Communication Engine	Up to 1.0
Hospira Lifecare Pca Infusion System	Version 5.0.7

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.