CVE-2017-12722
published 2018-02-15
CVE-2017-12722: An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component…
Priority: P427 · medium · 5.3 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:L
EPSS: 2.46% (82.4th percentile)
An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smiths-medical | medfusion_4000_wireless_syringe_infusion_pump | — | — |
| smiths-medical | medfusion_4000_wireless_syringe_infusion_pump | — | — |
| smiths-medical | medfusion_4000_wireless_syringe_infusion_pump | — | — |
CVSS provenance
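| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |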
CISA ICS
NXP Semiconductors MQX RTOS (Update A)
cisa_ics·2017-10-12
ICS Advisory
Last Revised: February 01, 2018
Alert Code: ICSA-17-285-04A
## CVSS v3 8.1
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: NXP Semiconductors
Equipment: MQX RTOS
Vulnerabilities: Classic Buffer Overflow, Out-of-Bounds Read
## UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-17-285-04 NXP Semiconductors MQX RTOS that was published October 12, 2017, on the NCCIC/ICS-CERT web site.
## AFFECTED PRODUCTS
The following versions of MQX Real-Time Operating System (RTOS) are used in
GHSA
GHSA-92p5-8hff-v96g: An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1
ghsa_unreviewed·2022-05-14
CVE-2017-12722 [MEDIUM] CWE-125 GHSA-92p5-8hff-v96g: An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-02-15