CVE-2015-7909
published 2016-01-22CVE-2015-7909: Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3…
PriorityP336high7.3CVSS 3.0
AVNACLPRNUINSUCLILAL
EPSS
1.11%
61.9th percentile
Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hospira | communication_engine | <= 1.0 | — |
| hospira | lifecare_pca_infusion_system | — | — |
CVSS provenance
nvdv3.07.3HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Hospira Multiple Products Buffer Overflow Vulnerability
cisa_ics·2016-02-04
Hospira Multiple Products Buffer Overflow Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hospira Multiple Products Buffer Overflow Vulnerability
Last RevisedFebruary 04, 2016
Alert CodeICSA-15-337-02
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the NCCIC/ICS-CERT web site.
Jeremy Richards of SAINT Corporation has identified a buffer overflow vulnerability in Hospira’s LifeCare PCA Infusion System. Hospira has determined that LifeCare PCA Infusion Systems released prior to July 2009 that are running Communication Engine (CE) Version 1.0 or earlier are vulnerable. In response to Jer
GHSA
GHSA-j92p-c8gf-5j3h: Stack-based buffer overflow in Hospira Communication Engine (CE) before 1
ghsa_unreviewed·2022-05-17
CVE-2015-7909 [HIGH] CWE-119 GHSA-j92p-c8gf-5j3h: Stack-based buffer overflow in Hospira Communication Engine (CE) before 1
Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-01-22
Published