ID

VAR-201507-0389


CVE

CVE-2015-3955


TITLE

Hospira LifeCare PCA Infusion System Vulnerable to stack-based buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2015-003460

DESCRIPTION

Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Multiple Hospira products are prone to a stack-based buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. The following products are available: Plum A+ Infusion System 13.4 and prior; Plum A+3 Infusion System 13.6 and prior; Symbiq Infusion System 3.13 and prior. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States.

Trust: 1.98

sources: NVD: CVE-2015-3955 // JVNDB: JVNDB-2015-003460 // BID: 75132 // VULHUB: VHN-81916

AFFECTED PRODUCTS

vendor: hospira // model: lifecare pcainfusion // scope: lte // version: 5.0

Trust: 1.0

vendor: hospira // model: lifecare pca infusion system // scope: lte // version: 5.0

Trust: 0.8

vendor: hospira // model: lifecare pca3 // scope: - // version: -

Trust: 0.8

vendor: hospira // model: lifecare pca5 // scope: - // version: -

Trust: 0.8

vendor: hospira // model: lifecare pcainfusion // scope: eq // version: 5.0

Trust: 0.6

sources: JVNDB: JVNDB-2015-003460 // CNNVD: CNNVD-201506-436 // NVD: CVE-2015-3955

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3955
value: HIGH

Trust: 1.0

NVD: CVE-2015-3955
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201506-436
value: CRITICAL

Trust: 0.6

VULHUB: VHN-81916
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3955
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81916
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81916 // JVNDB: JVNDB-2015-003460 // CNNVD: CNNVD-201506-436 // NVD: CVE-2015-3955

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-81916 // JVNDB: JVNDB-2015-003460 // NVD: CVE-2015-3955

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-436

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201506-436

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003460

PATCH

title: LifeCare PCA Infusion System // url: http://www.hospira.com/en/products_and_services/infusion_pumps/Lifecare/

Trust: 0.8

sources: JVNDB: JVNDB-2015-003460

EXTERNAL IDS

db: NVD // id: CVE-2015-3955

Trust: 2.8

db: ICS CERT // id: ICSA-15-125-01B

Trust: 2.5

db: BID // id: 75132

Trust: 2.0

db: JVNDB // id: JVNDB-2015-003460

Trust: 0.8

db: CNNVD // id: CNNVD-201506-436

Trust: 0.7

db: VULHUB // id: VHN-81916

Trust: 0.1

sources: VULHUB: VHN-81916 // BID: 75132 // JVNDB: JVNDB-2015-003460 // CNNVD: CNNVD-201506-436 // NVD: CVE-2015-3955

REFERENCES

url:http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm

Trust: 2.5

url:https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b

Trust: 2.5

url:http://www.securityfocus.com/bid/75132

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3955

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3955

Trust: 0.8

sources: VULHUB: VHN-81916 // JVNDB: JVNDB-2015-003460 // CNNVD: CNNVD-201506-436 // NVD: CVE-2015-3955

CREDITS

Billy Rios

Trust: 0.9

sources: BID: 75132 // CNNVD: CNNVD-201506-436

SOURCES

db: VULHUB // id: VHN-81916
db: BID // id: 75132
db: JVNDB // id: JVNDB-2015-003460
db: CNNVD // id: CNNVD-201506-436
db: NVD // id: CVE-2015-3955

LAST UPDATE DATE

2025-04-13T23:09:18.747000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-81916 // date: 2016-12-06T00:00:00
db: BID // id: 75132 // date: 2015-07-15T00:29:00
db: JVNDB // id: JVNDB-2015-003460 // date: 2015-07-09T00:00:00
db: CNNVD // id: CNNVD-201506-436 // date: 2015-07-07T00:00:00
db: NVD // id: CVE-2015-3955 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-81916 // date: 2015-07-06T00:00:00
db: BID // id: 75132 // date: 2015-06-10T00:00:00
db: JVNDB // id: JVNDB-2015-003460 // date: 2015-07-09T00:00:00
db: CNNVD // id: CNNVD-201506-436 // date: 2015-06-24T00:00:00
db: NVD // id: CVE-2015-3955 // date: 2015-07-06T19:59:02.567