Details of VAR-201802-0481

ID

VAR-201802-0481

CVE

CVE-2017-12722

TITLE

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Memory read vulnerability

Trust: 0.8

sources: IVD: 52bccdaf-af7c-4b8c-a161-1d0c1307bb73 // CNVD: CNVD-2017-25722

DESCRIPTION

An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module. NXP Semiconductors Provided by MQX RTOS Has multiple vulnerabilities. Buffer overflow (CWE-120) - CVE-2017-12718 MQX version 5.0 of RTCS DHCP On the client, DHCP option 66 and 67 The data length check corresponding to is not performed correctly. A remote third party crafted these data items DHCP Sending a packet can cause a buffer overflow and execute arbitrary code. Read out of bounds (CWE-125) - CVE-2017-12722 MQX version 4.1 And earlier DNS The client is illegal DNS The packet size cannot be handled properly and an out-of-region memory reference occurs. Remote third party crafted DNS Sending a packet causes an out-of-region memory reference and disrupts service operation ( DoS ) Is possible.The expected impact depends on each vulnerability, but can be affected as follows: * * Crafted by a remote third party DHCP By sending a packet, arbitrary code is executed with system privileges. - CVE-2017-12718 * * Crafted by a remote third party DNS By sending a packet, service disruption ( DoS ) - CVE-2017-12722. A buffer-overflow vulnerability 2. A denial-of-service vulnerability 3. An access-bypass vulnerability 4. Multiple security-bypass vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Attackers can exploit these issues to crash the application, resulting in a denial-of-service condition

Trust: 3.69

sources: NVD: CVE-2017-12722 // CERT/CC: VU#590639 // JVNDB: JVNDB-2017-010586 // CNVD: CNVD-2017-25722 // BID: 100665 // BID: 101252 // IVD: 52bccdaf-af7c-4b8c-a161-1d0c1307bb73 // VULHUB: VHN-103273

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 52bccdaf-af7c-4b8c-a161-1d0c1307bb73 // CNVD: CNVD-2017-25722

AFFECTED PRODUCTS

vendor:	smiths medical	model:	medfusion 4000 wireless syringe infusion pump	scope:	eq	version:	1.1	Trust: 1.6
vendor:	smiths medical	model:	medfusion 4000 wireless syringe infusion pump	scope:	eq	version:	1.6	Trust: 1.6
vendor:	smiths medical	model:	medfusion 4000 wireless syringe infusion pump	scope:	eq	version:	1.5	Trust: 1.6
vendor:	nxp semiconductors	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nxp semiconductors	model:	mqx real-time operating system	scope:	lte	version:	version 4.1 (cve-2017-12722)	Trust: 0.8
vendor:	nxp semiconductors	model:	mqx real-time operating system	scope:	eq	version:	version 5.0 (cve-2017-12718)	Trust: 0.8
vendor:	smiths	model:	medical medfusion wireless syringe infusion pump	scope:	eq	version:	40001.1	Trust: 0.6
vendor:	smiths	model:	medical medfusion wireless syringe infusion pump	scope:	eq	version:	40001.5	Trust: 0.6
vendor:	smiths	model:	medical medfusion wireless syringe infusion pump	scope:	eq	version:	40001.6	Trust: 0.6
vendor:	smiths medical	model:	medfusion wireless syringe infusion pump	scope:	eq	version:	40001.6	Trust: 0.3
vendor:	smiths medical	model:	medfusion wireless syringe infusion pump	scope:	eq	version:	40001.5	Trust: 0.3
vendor:	smiths medical	model:	medfusion wireless syringe infusion pump	scope:	eq	version:	40001.1	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	3.8	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	3.7	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	3.6	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	3.5	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	3.4	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	3.3	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	3.2	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	3.1	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	5.0	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	4.2	Trust: 0.3
vendor:	nxp	model:	semiconductors mqx rtos	scope:	eq	version:	4.0	Trust: 0.3
vendor:	medfusion 4000 syringe infusion pump	model:	-	scope:	eq	version:	1.1	Trust: 0.2
vendor:	medfusion 4000 syringe infusion pump	model:	-	scope:	eq	version:	1.5	Trust: 0.2
vendor:	medfusion 4000 syringe infusion pump	model:	-	scope:	eq	version:	1.6	Trust: 0.2

sources: IVD: 52bccdaf-af7c-4b8c-a161-1d0c1307bb73 // CERT/CC: VU#590639 // CNVD: CNVD-2017-25722 // BID: 100665 // BID: 101252 // JVNDB: JVNDB-2017-010586 // CNNVD: CNNVD-201709-520 // NVD: CVE-2017-12722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12722
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2017-25722
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-520
value:	MEDIUM
Trust: 0.6
IVD:	52bccdaf-af7c-4b8c-a161-1d0c1307bb73
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-103273
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12722
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2017-25722
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	52bccdaf-af7c-4b8c-a161-1d0c1307bb73
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-103273
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12722
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: IVD: 52bccdaf-af7c-4b8c-a161-1d0c1307bb73 // CNVD: CNVD-2017-25722 // VULHUB: VHN-103273 // CNNVD: CNNVD-201709-520 // NVD: CVE-2017-12722

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.9
problemtype:	CWE-120	Trust: 0.8

sources: VULHUB: VHN-103273 // JVNDB: JVNDB-2017-010586 // NVD: CVE-2017-12722

THREAT TYPE

network

Trust: 0.6

sources: BID: 100665 // BID: 101252

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201709-520

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010586

PATCH

title:	MQX Real-Time Operating System (RTOS)	url:	https://www.nxp.com/support/developer-resources/run-time-software/mqx-software-solutions/mqx-real-time-operating-system-rtos:MQXRTOS?fsrch=1&sr=1&pageNum=1	Trust: 0.8
title:	Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Memory Read Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/101787	Trust: 0.6

sources: CNVD: CNVD-2017-25722 // JVNDB: JVNDB-2017-010586

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12722	Trust: 3.9
db:	ICS CERT	id:	ICSMA-17-250-02A	Trust: 2.5
db:	BID	id:	100665	Trust: 2.0
db:	BID	id:	101252	Trust: 2.0
db:	CERT/CC	id:	VU#590639	Trust: 1.9
db:	ICS CERT	id:	ICSA-17-285-04	Trust: 1.1
db:	CNNVD	id:	CNNVD-201709-520	Trust: 0.9
db:	ICS CERT	id:	ICSMA-17-250-02	Trust: 0.9
db:	CNVD	id:	CNVD-2017-25722	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-285-04A	Trust: 0.8
db:	JVN	id:	JVNVU96796469	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010586	Trust: 0.8
db:	IVD	id:	52BCCDAF-AF7C-4B8C-A161-1D0C1307BB73	Trust: 0.2
db:	VULHUB	id:	VHN-103273	Trust: 0.1

sources: IVD: 52bccdaf-af7c-4b8c-a161-1d0c1307bb73 // CERT/CC: VU#590639 // CNVD: CNVD-2017-25722 // VULHUB: VHN-103273 // BID: 100665 // BID: 101252 // JVNDB: JVNDB-2017-010586 // CNNVD: CNNVD-201709-520 // NVD: CVE-2017-12722

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-17-250-02a	Trust: 2.5
url:	http://www.securityfocus.com/bid/100665	Trust: 1.7
url:	http://www.securityfocus.com/bid/101252	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-285-04	Trust: 1.1
url:	https://www.kb.cert.org/vuls/id/590639	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsma-17-250-02	Trust: 0.9
url:	http://cwe.mitre.org/data/definitions/120.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/125.html	Trust: 0.8
url:	https://github.com/sgayou/medfusion-4000-research/blob/master/doc/readme.md	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12718	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12722	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-285-04a	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96796469/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12722	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12718	Trust: 0.8
url:	https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump	Trust: 0.3
url:	https://www.nxp.com/support/developer-resources/run-time-software/mqx-software-solutions/mqx-real-time-operating-system-rtos:mqxrtos?fsrch=1&sr=1&pagenum=1	Trust: 0.3

sources: CERT/CC: VU#590639 // CNVD: CNVD-2017-25722 // VULHUB: VHN-103273 // BID: 100665 // BID: 101252 // JVNDB: JVNDB-2017-010586 // CNNVD: CNNVD-201709-520 // NVD: CVE-2017-12722

CREDITS

Scott Gayou

Trust: 1.2

sources: BID: 100665 // BID: 101252 // CNNVD: CNNVD-201709-520

SOURCES

db:	IVD	id:	52bccdaf-af7c-4b8c-a161-1d0c1307bb73
db:	CERT/CC	id:	VU#590639
db:	CNVD	id:	CNVD-2017-25722
db:	VULHUB	id:	VHN-103273
db:	BID	id:	100665
db:	BID	id:	101252
db:	JVNDB	id:	JVNDB-2017-010586
db:	CNNVD	id:	CNNVD-201709-520
db:	NVD	id:	CVE-2017-12722

LAST UPDATE DATE

2024-11-23T22:22:13.889000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#590639	date:	2018-01-22T00:00:00
db:	CNVD	id:	CNVD-2017-25722	date:	2017-09-08T00:00:00
db:	VULHUB	id:	VHN-103273	date:	2018-03-02T00:00:00
db:	BID	id:	100665	date:	2017-09-07T00:00:00
db:	BID	id:	101252	date:	2017-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-010586	date:	2018-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201709-520	date:	2017-09-18T00:00:00
db:	NVD	id:	CVE-2017-12722	date:	2024-11-21T03:10:05.837

SOURCES RELEASE DATE

db:	IVD	id:	52bccdaf-af7c-4b8c-a161-1d0c1307bb73	date:	2017-09-08T00:00:00
db:	CERT/CC	id:	VU#590639	date:	2017-10-12T00:00:00
db:	CNVD	id:	CNVD-2017-25722	date:	2017-09-08T00:00:00
db:	VULHUB	id:	VHN-103273	date:	2018-02-15T00:00:00
db:	BID	id:	100665	date:	2017-09-07T00:00:00
db:	BID	id:	101252	date:	2017-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-010586	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201709-520	date:	2017-09-18T00:00:00
db:	NVD	id:	CVE-2017-12722	date:	2018-02-15T10:29:00.383