Sign-up

ID

VAR-201804-0518


CVE

CVE-2017-12701


TITLE

BMC Medical Luna CPAP machine Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013292

DESCRIPTION

BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP's Wi-Fi module resulting in a denial-of-service condition. BMC Medical Luna CPAP machine Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. BMCMedicalLunaCPAPMachine is a ventilator from China's BMCMedical. 3BMedicalLunaCPAPMachine is a ventilator from 3BMedical in the United States. A denial of service vulnerability exists in BMCMedicalLunaCPAPMachine and 3BMedicalLunaCPAPMachine. A remote attacker could exploit the vulnerability to cause a denial of service. BMC Medical and 3B Medical Luna CPAP Machine is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause a denial-of-service condition, denying service to legitimate users

Trust: 2.61

sources: NVD: CVE-2017-12701 // JVNDB: JVNDB-2017-013292 // CNVD: CNVD-2017-22810 // BID: 100354 // IVD: d94947e8-5fe9-4099-9d4b-7eea96a2d7c1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

category:['medical device']sub_category:therapy machine

Trust: 0.1

sources: OTHER: None // IVD: d94947e8-5fe9-4099-9d4b-7eea96a2d7c1 // CNVD: CNVD-2017-22810

AFFECTED PRODUCTS

vendor:cpapmodel:luna cpap machinescope:ltversion:20170701

Trust: 1.0

vendor:bmc medical 3b medicalmodel:luna cpap machinescope:eqversion:july 1

Trust: 0.8

vendor:bmc medical 3b medicalmodel:luna cpap machinescope:eqversion:2017

Trust: 0.8

vendor:bmcmodel:medical luna cpap machinescope: - version: -

Trust: 0.6

vendor:bmcmodel:medical luna cpap machinescope:eqversion:0

Trust: 0.3

vendor:3bmodel:medical luna cpap machinescope:eqversion:0

Trust: 0.3

vendor:luna cpap machinemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: d94947e8-5fe9-4099-9d4b-7eea96a2d7c1 // CNVD: CNVD-2017-22810 // BID: 100354 // JVNDB: JVNDB-2017-013292 // NVD: CVE-2017-12701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12701
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12701
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-22810
value: LOW

Trust: 0.6

CNNVD: CNNVD-201708-723
value: MEDIUM

Trust: 0.6

IVD: d94947e8-5fe9-4099-9d4b-7eea96a2d7c1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2017-12701
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-22810
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: d94947e8-5fe9-4099-9d4b-7eea96a2d7c1
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-12701
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: d94947e8-5fe9-4099-9d4b-7eea96a2d7c1 // CNVD: CNVD-2017-22810 // JVNDB: JVNDB-2017-013292 // CNNVD: CNNVD-201708-723 // NVD: CVE-2017-12701

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-013292 // NVD: CVE-2017-12701

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-723

TYPE

Input validation error

Trust: 0.8

sources: IVD: d94947e8-5fe9-4099-9d4b-7eea96a2d7c1 // CNNVD: CNNVD-201708-723

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013292

PATCH
title:Top Pageurl:http://3bproducts.com/
Trust: 0.8
title:Top Pageurl:http://en.bmc-medical.com/
Trust: 0.8
title:BMC Medical Luna CPAP Machine  and 3B Medical Luna CPAP Machine Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74074
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-013292 // 
            
            
            
            CNNVD: CNNVD-201708-723

EXTERNAL IDS
db:NVDid:CVE-2017-12701
Trust: 3.6
db:ICS CERTid:ICSMA-17-227-01
Trust: 3.3
db:BIDid:100354
Trust: 1.9
db:CNVDid:CNVD-2017-22810
Trust: 0.8
db:CNNVDid:CNNVD-201708-723
Trust: 0.8
db:JVNDBid:JVNDB-2017-013292
Trust: 0.8
db:IVDid:D94947E8-5FE9-4099-9D4B-7EEA96A2D7C1
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            IVD: d94947e8-5fe9-4099-9d4b-7eea96a2d7c1 // 
            
            
            
            CNVD: CNVD-2017-22810 // 
            
            
            
            BID: 100354 // 
            
            
            
            JVNDB: JVNDB-2017-013292 // 
            
            
            
            CNNVD: CNNVD-201708-723 // 
            
            
            
            NVD: CVE-2017-12701

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-17-227-01
Trust: 3.3
url:http://www.securityfocus.com/bid/100354
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12701
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12701
Trust: 0.8
url:http://3bproducts.com/
Trust: 0.3
url:http://en.bmc-medical.com/
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-22810 // 
            
            
            
            BID: 100354 // 
            
            
            
            JVNDB: JVNDB-2017-013292 // 
            
            
            
            CNNVD: CNNVD-201708-723 // 
            
            
            
            NVD: CVE-2017-12701

CREDITS
MedSec.
Trust: 0.9
sources:
            
            
            BID: 100354 // 
            
            
            
            CNNVD: CNNVD-201708-723

SOURCES
db:OTHERid: - 
db:IVDid:d94947e8-5fe9-4099-9d4b-7eea96a2d7c1
db:CNVDid:CNVD-2017-22810
db:BIDid:100354
db:JVNDBid:JVNDB-2017-013292
db:CNNVDid:CNNVD-201708-723
db:NVDid:CVE-2017-12701

LAST UPDATE DATE
2025-01-30T19:52:38.213000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-22810date:2017-08-25T00:00:00
db:BIDid:100354date:2017-08-15T00:00:00
db:JVNDBid:JVNDB-2017-013292date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201708-723date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12701date:2024-11-21T03:10:03.373

SOURCES RELEASE DATE
db:IVDid:d94947e8-5fe9-4099-9d4b-7eea96a2d7c1date:2017-08-25T00:00:00
db:CNVDid:CNVD-2017-22810date:2017-08-25T00:00:00
db:BIDid:100354date:2017-08-15T00:00:00
db:JVNDBid:JVNDB-2017-013292date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201708-723date:2017-08-17T00:00:00
db:NVDid:CVE-2017-12701date:2018-04-17T14:29:00.243