var-201507-0389
Vulnerability from variot
Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Multiple Hospira products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. The following products are available: Plum A+ Infusion System 13.4 and prior Plum A+3 Infusion System 13.6 and prior Symbiq Infusion System 3.13 and prior. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lifecare pcainfusion",
"scope": "lte",
"trust": 1.0,
"vendor": "hospira",
"version": "5.0"
},
{
"model": "lifecare pca infusion system",
"scope": "lte",
"trust": 0.8,
"vendor": "hospira",
"version": "5.0"
},
{
"model": "lifecare pca3",
"scope": null,
"trust": 0.8,
"vendor": "hospira",
"version": null
},
{
"model": "lifecare pca5",
"scope": null,
"trust": 0.8,
"vendor": "hospira",
"version": null
},
{
"model": "lifecare pcainfusion",
"scope": "eq",
"trust": 0.6,
"vendor": "hospira",
"version": "5.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-436"
},
{
"db": "NVD",
"id": "CVE-2015-3955"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:hospira:lifecare_pcainfusion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hospira:lifecare_pca3",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hospira:lifecare_pca5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios",
"sources": [
{
"db": "BID",
"id": "75132"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-436"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3955",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3955",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-81916",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3955",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3955",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-436",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-81916",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81916"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-436"
},
{
"db": "NVD",
"id": "CVE-2015-3955"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Multiple Hospira products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. \nA remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. \nThe following products are available:\nPlum A+ Infusion System 13.4 and prior\nPlum A+3 Infusion System 13.6 and prior\nSymbiq Infusion System 3.13 and prior. Hospira LifeCare PCA Infusion System is an intelligent infusion system developed by Hospira in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3955"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"db": "BID",
"id": "75132"
},
{
"db": "VULHUB",
"id": "VHN-81916"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3955",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-125-01B",
"trust": 2.5
},
{
"db": "BID",
"id": "75132",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003460",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-436",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-81916",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81916"
},
{
"db": "BID",
"id": "75132"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-436"
},
{
"db": "NVD",
"id": "CVE-2015-3955"
}
]
},
"id": "VAR-201507-0389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81916"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:54:55.961000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LifeCare PCA Infusion System",
"trust": 0.8,
"url": "http://www.hospira.com/en/products_and_services/infusion_pumps/Lifecare/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81916"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"db": "NVD",
"id": "CVE-2015-3955"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm"
},
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-125-01b"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/75132"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3955"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3955"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81916"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-436"
},
{
"db": "NVD",
"id": "CVE-2015-3955"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81916"
},
{
"db": "BID",
"id": "75132"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-436"
},
{
"db": "NVD",
"id": "CVE-2015-3955"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81916"
},
{
"date": "2015-06-10T00:00:00",
"db": "BID",
"id": "75132"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-436"
},
{
"date": "2015-07-06T19:59:02.567000",
"db": "NVD",
"id": "CVE-2015-3955"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81916"
},
{
"date": "2015-07-15T00:29:00",
"db": "BID",
"id": "75132"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003460"
},
{
"date": "2015-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-436"
},
{
"date": "2024-11-21T02:30:08.360000",
"db": "NVD",
"id": "CVE-2015-3955"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-436"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hospira LifeCare PCA Infusion System Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003460"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-436"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…