#VU8225 Buffer overflow in Medfusion 4000 Wireless Syringe Infusion Pump - CVE-2017-12718
Published: September 11, 2017
Vulnerability identifier: #VU8225
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-12718
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Medfusion 4000 Wireless Syringe Infusion Pump
Medfusion 4000 Wireless Syringe Infusion Pump
Software vendor:
Smiths Medical
Smiths Medical
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling malicious input. A remote attacker can send specially crafted data, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to boundary error when handling malicious input. A remote attacker can send specially crafted data, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Smiths Medical is planning to release Version 1.6.1 for the Medfusion 4000 Wireless Syringe Infusion Pump in January, 2018.