A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100665 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/101252 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A | Third Party Advisory US Government Resource |
https://www.exploit-db.com/exploits/43776/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2018-02-15T10:00:00
Updated: 2018-02-15T10:57:01
Reserved: 2017-08-09T00:00:00
Link: CVE-2017-12718
JSON object: View
NVD Information
Status : Modified
Published: 2018-02-15T10:29:00.227
Modified: 2019-10-09T23:23:11.937
Link: CVE-2017-12718
JSON object: View
Redhat Information
No data.