CVE-2017-12718

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.
References
Link Resource
http://www.securityfocus.com/bid/100665 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101252 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A Third Party Advisory US Government Resource
https://www.exploit-db.com/exploits/43776/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*
cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*
cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*
cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-15 10:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-12718

Mitre link : CVE-2017-12718

CVE.ORG link : CVE-2017-12718


JSON object : View

Products Affected

smiths-medical

  • medfusion_4000_wireless_syringe_infusion_pump
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')