The following vulnerabilities were found in Medicomp System’s MEDCIN Engine application:

CVE-2015-2898, CVE-2015-2901

Certain remote message parsing functions inside the MEDCIN service do not perform proper bounds checking on incoming data, which allow for specially crafted messages to cause a stack buffer overflow.

CVE-2015-2899 

Certain remote message parsing functions inside the MEDCIN service do not perform proper bounds checking on incoming data, which allow for specially crafted messages to cause a heap buffer overflow.

CVE-2015-2900 

A remote message parsing function inside the MEDCIN service does not properly validate a user provided index into memory which allows for a specially crafted message to write data anywhere in memory.

CVE-2015-6006 

Certain remote message parsing functions inside the MEDCIN service improperly truncate user supplied length values which allow for specially crafted messages to cause a heap buffer overflow.

Access Vector:Network Exploitable
Access Complexity:Low
Authentication:Not required to exploit
Impact Type:Allows remote code execution, Allows disruption of service
Privilege Level:SYSTEM

*** This list is presumed to be incomplete and inaccurate as the vendor would not release the customers affected by these vulnerabilities. This data was collected from here, here, here, and here.

Customers can retrieve the updated software at http://developer.medicomp.com.

If you are unable to obtain the updated software it is recommended that you block access to the MEDCIN service from the network at a minimum.