Published: 15/02/2018 Updated: 09/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A Classic Buffer Overflow issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6

#!/usr/bin/python3 """PoC for MQX RTCS code execution via DHCP options overflow This is just a quick hack to prove the vulnerability and was designed to run on a private network with the target device """ import datetime import socket def main(): """Use a default valid DHCP packet to overwrite an event function pointer""" execute_addr ...

CWE-119 https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A https://www.exploit-db.com/exploits/43776/http://www.securityfocus.com/bid/101252 http://www.securityfocus.com/bid/100665 https://nvd.nist.gov https://www.exploit-db.com/exploits/43776/https://www.kb.cert.org/vuls/id/590639

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-12718

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect