CVE-2017-12722

MEDIUM

Smiths-medical Medfusion 4000 Wireles... - Out-of-Bounds Read

Title source: rule

Description

An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module.

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101252

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/100665

Scores

CVSS v3 5.3

EPSS 0.0085

EPSS Percentile 75.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-125

Status published

Products (3)

smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.1

smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.5

smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.6

Published Feb 15, 2018

Tracked Since Feb 18, 2026