SB2017091105 - Multiple vulnerabilities in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump

Published: September 11, 2017

Security Bulletin ID: SB2017091105
Severity: High
Patch available: No
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 13%
Low: 88%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2017-12718)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious input. A remote attacker can send specially crafted data, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

2) Out-of-bounds read (CVE-ID: CVE-2017-12722)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an out-of-bounds read. A remote attacker can cause the communications module to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Use of hardcoded credentials (CVE-ID: CVE-2017-12725)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the pump uses hard-coded credentials to automatically establish a wireless network connection when it is running with the default network configuration. A remote attacker can cause the pump's network stack to attach improperly to the wireless network and direct all network traffic over the wired Ethernet connection.

4) Improper access control (CVE-ID: CVE-2017-12720)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can bypass authentication and gain access to the FTP server. Successful exploitation of the vulnerability is possible if the pump is configured to allow FTP connections.

5) Use of hardcoded credentials (CVE-ID: CVE-2017-12724)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the FTP server on the pump contains not fully initialized hard-coded credentials. A remote attacker can bypass authentication and gain access to the FTP server. Successful exploitation of the vulnerability is possible if the pump is configured to allow FTP connections.

6) Use of hardcoded credentials (CVE-ID: CVE-2017-12726)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the Telnet service on the pump uses hard-coded credentials. A remote attacker can bypass security restrictions. Successful exploitation of the vulnerability is possible if the pump is configured to allow external communications.

7) Man-in-the-middle attack (CVE-ID: CVE-2017-12721)

The vulnerability allows a remote attacker to perform a man-in-the-middle attack.

The weakness exists due to insufficient verification of the host certificate. A remote attacker can conduct a man-in-the-middle attack to access and modify data.
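As an added illustration that is not part of this bulletin and does not describe how the pump's firmware actually implements TLS: the weak client-side pattern behind item 7 (a TLS client that accepts any certificate, so any host on the path can terminate the connection) next to the hardened form that requires a trusted chain and a matching hostname. The tls_connect helper, its host and port parameters and the optional internal CA bundle are assumptions made for the example; nothing here contacts a device.

```python
import socket
import ssl


def insecure_context():
    """The weak pattern: neither the certificate chain nor the hostname is
    checked, so any server that terminates TLS on the path is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile=None):
    """The corrected form: the peer must present a chain to a trusted CA
    (the system store, or an explicit cafile such as a site's internal CA
    bundle, an assumed deployment detail) and the leaf certificate must
    match the hostname that was requested."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_verifies_peer(ctx):
    """Audit check: True only if both chain and hostname verification are on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def tls_connect(host, port, ctx, timeout=5.0):
    """Open a TLS connection and return the peer certificate dictionary.
    With hardened_context() a self-signed or mismatched certificate makes
    wrap_socket raise ssl.SSLCertVerificationError instead of connecting;
    with insecure_context() the same handshake silently succeeds and the
    returned certificate dictionary is empty. host and port are placeholders."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()),
                      ("hardened", hardened_context())):
        print(f"{name}: verifies peer = {context_verifies_peer(ctx)}")
```

The audit helper is the part worth reusing: a reviewer of an embedded client can apply the same two conditions (certificate required, hostname checked) to whatever TLS library the device uses; either one missing is the condition this item describes.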

8) Information disclosure (CVE-ID: CVE-2017-12723)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists because the pump stores some passwords in the configuration file. A remote attacker can gain access to arbitrary data. Successful exploitation of the vulnerability is possible if the pump is configured to allow external communications.
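Items 4, 5, 6 and 8 share one defensive check: review the device configuration for plaintext or empty credentials and for enabled cleartext services such as FTP and Telnet. The following is an added example, not code from this bulletin or the vendor; the INI-style file format, the key names and the sample values are constructed for illustration, since the bulletin does not describe the pump's real configuration format.

```python
import re

# Constructed sample configuration in a hypothetical INI-like format.
# Key names and values are invented for the example.
SAMPLE_CONFIG = """\
[network]
wifi_ssid = ward-3-pumps
wifi_password = hunter2
ftp_enabled = yes
telnet_enabled = no
[admin]
admin_password = $6$rounds=5000$saltsalt$hashhashhash
service_passwd =
"""

# Keys that hold a credential, and keys that switch on a cleartext service.
SECRET_KEY = re.compile(r"(pass(word|wd)?|pwd|secret|token)$", re.IGNORECASE)
SERVICE_KEY = re.compile(r"^(ftp|telnet)_enabled$", re.IGNORECASE)
# Values in crypt(3) "$id$..." or RFC 2307 "{SCHEME}" form are hashes, not plaintext.
HASHED_VALUE = re.compile(r"^(\$\w+\$|\{[A-Za-z0-9-]+\})")
ENABLED = {"yes", "true", "1", "on"}


def parse_config(text):
    """Return (line_number, key, value) for every 'key = value' line,
    skipping blanks, comments and section headers."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        entries.append((lineno, key.strip(), value.strip()))
    return entries


def audit_config(text):
    """Flag plaintext credentials, empty (uninitialized) credentials and
    enabled cleartext services. Returns (line_number, key, finding) tuples."""
    findings = []
    for lineno, key, value in parse_config(text):
        if SECRET_KEY.search(key):
            if not value:
                findings.append((lineno, key, "empty credential"))
            elif not HASHED_VALUE.match(value):
                findings.append((lineno, key, "plaintext credential"))
        elif SERVICE_KEY.match(key) and value.lower() in ENABLED:
            findings.append((lineno, key, "cleartext service enabled"))
    return findings


if __name__ == "__main__":
    for lineno, key, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {key}: {finding}")
```

Run against the constructed sample, the audit reports the plaintext Wi-Fi password, the enabled FTP service and the empty service password, while the hashed admin password and the disabled Telnet service pass. The same check belongs in a deployment review of any device whose configuration can be exported.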

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.