QwikSec

Security Database

CVE

CWE

Training

CVE-2017-12718

Published: Feb 15, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.

Vendor	Product	Versions
n/a	Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump	affected `Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump`

Weaknesses (CWE)

References

https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A

x_refsource_MISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.