Vulnerability Description
A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smiths-Medical | Medfusion 4000 Wireless Syringe Infusion Pump | 1.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100665Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/101252Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02AThird Party AdvisoryUS Government Resource
- https://www.exploit-db.com/exploits/43776/Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/100665Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/101252Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02AThird Party AdvisoryUS Government Resource
- https://www.exploit-db.com/exploits/43776/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-12718?
CVE-2017-12718 is a vulnerability with a CVSS score of 8.1 (HIGH). A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify inpu...
How severe is CVE-2017-12718?
CVE-2017-12718 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12718?
Check the references section above for vendor advisories and patch information. Affected products include: Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump.