ID

VAR-201802-0478


CVE

CVE-2017-12718


TITLE

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a // CNVD: CNVD-2017-25723

DESCRIPTION

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Versions 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify the input buffer size prior to copying, leading to a buffer overflow that allows remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.
MQX RTOS, provided by NXP Semiconductors, has multiple vulnerabilities:
* Buffer overflow (CWE-120) - CVE-2017-12718: In the RTCS DHCP client of MQX version 5.0, the length check for the data in DHCP options 66 and 67 is not performed correctly. A remote third party can send a DHCP packet with crafted data in these options to cause a buffer overflow and execute arbitrary code.
* Out-of-bounds read (CWE-125) - CVE-2017-12722: The DNS client in MQX version 4.1 and earlier does not properly handle the size of a malformed DNS packet, resulting in an out-of-bounds memory reference. A remote third party can send a crafted DNS packet to cause an out-of-bounds memory reference and disrupt service operation (DoS).
The expected impact depends on each vulnerability, and may include the following:
* A remote third party sends a crafted DHCP packet and arbitrary code is executed with system privileges - CVE-2017-12718
* A remote third party sends a crafted DNS packet and causes service disruption (DoS) - CVE-2017-12722
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device.
Attackers can exploit these issues to crash the application, resulting in a denial-of-service condition. The vulnerability is caused by the program not checking the size of the input buffer.

Trust: 3.69

sources: NVD: CVE-2017-12718 // CERT/CC: VU#590639 // JVNDB: JVNDB-2017-010586 // CNVD: CNVD-2017-25723 // BID: 100665 // BID: 101252 // IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a // VULHUB: VHN-103268

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a // CNVD: CNVD-2017-25723

AFFECTED PRODUCTS

vendor: smiths medical, model: medfusion 4000 wireless syringe infusion pump, scope: eq, version: 1.1

Trust: 1.6

vendor: smiths medical, model: medfusion 4000 wireless syringe infusion pump, scope: eq, version: 1.6

Trust: 1.6

vendor: smiths medical, model: medfusion 4000 wireless syringe infusion pump, scope: eq, version: 1.5

Trust: 1.6

vendor: nxp semiconductors, model: -, scope: -, version: -

Trust: 0.8

vendor: nxp semiconductors, model: mqx real-time operating system, scope: lte, version: version 4.1 (cve-2017-12722)

Trust: 0.8

vendor: nxp semiconductors, model: mqx real-time operating system, scope: eq, version: version 5.0 (cve-2017-12718)

Trust: 0.8

vendor: smiths, model: medical medfusion wireless syringe infusion pump, scope: eq, version: 40001.1

Trust: 0.6

vendor: smiths, model: medical medfusion wireless syringe infusion pump, scope: eq, version: 40001.5

Trust: 0.6

vendor: smiths, model: medical medfusion wireless syringe infusion pump, scope: eq, version: 40001.6

Trust: 0.6

vendor: smiths medical, model: medfusion wireless syringe infusion pump, scope: eq, version: 40001.6

Trust: 0.3

vendor: smiths medical, model: medfusion wireless syringe infusion pump, scope: eq, version: 40001.5

Trust: 0.3

vendor: smiths medical, model: medfusion wireless syringe infusion pump, scope: eq, version: 40001.1

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 3.8

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 3.7

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 3.6

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 3.5

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 3.4

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 3.3

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 3.2

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 3.1

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 5.0

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 4.2

Trust: 0.3

vendor: nxp, model: semiconductors mqx rtos, scope: eq, version: 4.0

Trust: 0.3

vendor: medfusion 4000 syringe infusion pump, model: -, scope: eq, version: 1.1

Trust: 0.2

vendor: medfusion 4000 syringe infusion pump, model: -, scope: eq, version: 1.5

Trust: 0.2

vendor: medfusion 4000 syringe infusion pump, model: -, scope: eq, version: 1.6

Trust: 0.2

sources: IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a // CERT/CC: VU#590639 // CNVD: CNVD-2017-25723 // BID: 100665 // BID: 101252 // JVNDB: JVNDB-2017-010586 // CNNVD: CNNVD-201709-519 // NVD: CVE-2017-12718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12718
value: HIGH

Trust: 1.0

CNVD: CNVD-2017-25723
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-519
value: HIGH

Trust: 0.6

IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a
value: HIGH

Trust: 0.2

VULHUB: VHN-103268
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12718
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2017-25723
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-103268
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12718
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a // CNVD: CNVD-2017-25723 // VULHUB: VHN-103268 // CNNVD: CNNVD-201709-519 // NVD: CVE-2017-12718

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-125

Trust: 0.8

sources: VULHUB: VHN-103268 // JVNDB: JVNDB-2017-010586 // NVD: CVE-2017-12718

THREAT TYPE

network

Trust: 0.6

sources: BID: 100665 // BID: 101252

TYPE

Buffer error

Trust: 0.8

sources: IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a // CNNVD: CNNVD-201709-519

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010586

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-103268

PATCH

title: MQX Real-Time Operating System (RTOS), url: https://www.nxp.com/support/developer-resources/run-time-software/mqx-software-solutions/mqx-real-time-operating-system-rtos:MQXRTOS?fsrch=1&sr=1&pageNum=1

Trust: 0.8

title: Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Patch Overflow Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/101786

Trust: 0.6

title: Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100042

Trust: 0.6

sources: CNVD: CNVD-2017-25723 // JVNDB: JVNDB-2017-010586 // CNNVD: CNNVD-201709-519

EXTERNAL IDS

db: NVD, id: CVE-2017-12718

Trust: 3.9

db: ICS CERT, id: ICSMA-17-250-02A

Trust: 2.5

db: BID, id: 100665

Trust: 2.0

db: BID, id: 101252

Trust: 2.0

db: CERT/CC, id: VU#590639

Trust: 1.9

db: EXPLOIT-DB, id: 43776

Trust: 1.7

db: ICS CERT, id: ICSA-17-285-04

Trust: 1.1

db: CNNVD, id: CNNVD-201709-519

Trust: 0.9

db: ICS CERT, id: ICSMA-17-250-02

Trust: 0.9

db: CNVD, id: CNVD-2017-25723

Trust: 0.8

db: ICS CERT, id: ICSA-17-285-04A

Trust: 0.8

db: JVN, id: JVNVU96796469

Trust: 0.8

db: JVNDB, id: JVNDB-2017-010586

Trust: 0.8

db: IVD, id: 5166B119-87ED-4DF9-B95B-46E0EAFE6D6A

Trust: 0.2

db: PACKETSTORM, id: 145971

Trust: 0.1

db: VULHUB, id: VHN-103268

Trust: 0.1

sources: IVD: 5166b119-87ed-4df9-b95b-46e0eafe6d6a // CERT/CC: VU#590639 // CNVD: CNVD-2017-25723 // VULHUB: VHN-103268 // BID: 100665 // BID: 101252 // JVNDB: JVNDB-2017-010586 // CNNVD: CNNVD-201709-519 // NVD: CVE-2017-12718

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-17-250-02a

Trust: 2.5

url:http://www.securityfocus.com/bid/100665

Trust: 1.7

url:http://www.securityfocus.com/bid/101252

Trust: 1.7

url:https://www.exploit-db.com/exploits/43776/

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-17-285-04

Trust: 1.1

url:https://www.kb.cert.org/vuls/id/590639

Trust: 1.1

url:https://ics-cert.us-cert.gov/advisories/icsma-17-250-02

Trust: 0.9

url:http://cwe.mitre.org/data/definitions/120.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/125.html

Trust: 0.8

url:https://github.com/sgayou/medfusion-4000-research/blob/master/doc/readme.md

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12718

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12722

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-285-04a

Trust: 0.8

url:http://jvn.jp/vu/jvnvu96796469/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12722

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12718

Trust: 0.8

url:https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump

Trust: 0.3

url:https://www.nxp.com/support/developer-resources/run-time-software/mqx-software-solutions/mqx-real-time-operating-system-rtos:mqxrtos?fsrch=1&sr=1&pagenum=1

Trust: 0.3

sources: CERT/CC: VU#590639 // CNVD: CNVD-2017-25723 // VULHUB: VHN-103268 // BID: 100665 // BID: 101252 // JVNDB: JVNDB-2017-010586 // CNNVD: CNNVD-201709-519 // NVD: CVE-2017-12718

CREDITS

Scott Gayou

Trust: 1.2

sources: BID: 100665 // BID: 101252 // CNNVD: CNNVD-201709-519

SOURCES

db: IVD, id: 5166b119-87ed-4df9-b95b-46e0eafe6d6a
db: CERT/CC, id: VU#590639
db: CNVD, id: CNVD-2017-25723
db: VULHUB, id: VHN-103268
db: BID, id: 100665
db: BID, id: 101252
db: JVNDB, id: JVNDB-2017-010586
db: CNNVD, id: CNNVD-201709-519
db: NVD, id: CVE-2017-12718

LAST UPDATE DATE

2024-11-23T22:22:13.836000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#590639, date: 2018-01-22T00:00:00
db: CNVD, id: CNVD-2017-25723, date: 2017-09-08T00:00:00
db: VULHUB, id: VHN-103268, date: 2019-10-09T00:00:00
db: BID, id: 100665, date: 2017-09-07T00:00:00
db: BID, id: 101252, date: 2017-10-12T00:00:00
db: JVNDB, id: JVNDB-2017-010586, date: 2018-04-11T00:00:00
db: CNNVD, id: CNNVD-201709-519, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12718, date: 2024-11-21T03:10:05.357

SOURCES RELEASE DATE

db: IVD, id: 5166b119-87ed-4df9-b95b-46e0eafe6d6a, date: 2017-09-08T00:00:00
db: CERT/CC, id: VU#590639, date: 2017-10-12T00:00:00
db: CNVD, id: CNVD-2017-25723, date: 2017-09-08T00:00:00
db: VULHUB, id: VHN-103268, date: 2018-02-15T00:00:00
db: BID, id: 100665, date: 2017-09-07T00:00:00
db: BID, id: 101252, date: 2017-10-12T00:00:00
db: JVNDB, id: JVNDB-2017-010586, date: 2017-12-20T00:00:00
db: CNNVD, id: CNNVD-201709-519, date: 2017-09-18T00:00:00
db: NVD, id: CVE-2017-12718, date: 2018-02-15T10:29:00.227