CVE-2017-12722
MEDIUMSmiths Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1, 1.5, 1.6 - Out-of-bounds Read
Title source: llmDescription
An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101252
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100665
Scores
CVSS v3
5.3
EPSS
0.0246
EPSS Percentile
82.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-125
Status
published
Products (3)
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump
1.1
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump
1.5
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump
1.6
Published
Feb 15, 2018
Tracked Since
Feb 18, 2026