CVE-2017-12718
moderate-risk
Published 2018-02-15
A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.
Do I need to act?
!
25.8% chance of exploitation in next 30 days
EPSS score — higher than 74% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ HIGH complexity
Affected Products (3)
Medfusion 4000 Wireless Syringe Infusion Pump
Medfusion 4000 Wireless Syringe Infusion Pump
Medfusion 4000 Wireless Syringe Infusion Pump
Affected Vendors
References (8)
Third Party Advisory
http://www.securityfocus.com/bid/100665
Third Party Advisory
http://www.securityfocus.com/bid/101252
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Third Party Advisory
https://www.exploit-db.com/exploits/43776/
Third Party Advisory
http://www.securityfocus.com/bid/100665
Third Party Advisory
http://www.securityfocus.com/bid/101252
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Third Party Advisory
https://www.exploit-db.com/exploits/43776/
48
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
15/34 · Moderate
Exposure
9/34 · Low