5.3

CVE-2017-12722

EPSS 0.85%
Veröffentlicht 15.02.2018 10:29:00
Zuletzt bearbeitet 21.11.2024 03:10:05
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Smiths-medical ≫ Medfusion 4000 Wireless Syringe Infusion Pump Version1.1

Smiths-medical ≫ Medfusion 4000 Wireless Syringe Infusion Pump Version-

Smiths-medical ≫ Medfusion 4000 Wireless Syringe Infusion Pump Version1.5

Smiths-medical ≫ Medfusion 4000 Wireless Syringe Infusion Pump Version-

Smiths-medical ≫ Medfusion 4000 Wireless Syringe Infusion Pump Version1.6

Smiths-medical ≫ Medfusion 4000 Wireless Syringe Infusion Pump Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.85%	0.739

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/100665

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/101252

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2017-12722

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-12722

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-12722

EUVD