Vulnerability CVE-2017-12722


Published: 2018-02-15

Description:
An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module.

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Smiths-medical -> Medfusion 4000 wireless syringe infusion pump 

 References:
http://www.securityfocus.com/bid/100665
http://www.securityfocus.com/bid/101252
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A

Copyright 2024, cxsecurity.com

 

Back to Top