Vulnerability-Lookup

CNVD-2017-22810

Vulnerability from cnvd - Published: 2017-08-25

Title

BMC Medical Luna CPAP Machine和3B Medical Luna CPAP Machine输入验证漏洞

Description

BMC Medical Luna CPAP Machine是中国怡和嘉业医疗科技（BMC Medical）公司的一款呼吸机。3B Medical Luna CPAP Machine是美国3B Medical公司的一款呼吸机。 BMC Medical Luna CPAP Machine和3B Medical Luna CPAP Machine中存在拒绝服务漏洞。远程攻击者可利用该漏洞造成拒绝服务。

Severity

低

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://en.bmc-medical.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01

Impacted products

Name
BMC Medical Luna CPAP Machine

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12701"
    }
  },
  "description": "BMC Medical Luna CPAP Machine\u662f\u4e2d\u56fd\u6021\u548c\u5609\u4e1a\u533b\u7597\u79d1\u6280\uff08BMC Medical\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u547c\u5438\u673a\u30023B Medical Luna CPAP Machine\u662f\u7f8e\u56fd3B Medical\u516c\u53f8\u7684\u4e00\u6b3e\u547c\u5438\u673a\u3002\r\n\r\nBMC Medical Luna CPAP Machine\u548c3B Medical Luna CPAP Machine\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://en.bmc-medical.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22810",
  "openTime": "2017-08-25",
  "products": {
    "product": "BMC Medical Luna CPAP Machine"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01",
  "serverity": "\u4f4e",
  "submitTime": "2017-08-17",
  "title": "BMC Medical Luna CPAP Machine\u548c3B Medical Luna CPAP Machine\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e"
}

CVE-2017-12701 (GCVE-0-2017-12701)

Vulnerability from cvelistv5 – Published: 2018-04-17 14:00 – Updated: 2024-09-17 02:27

Summary

BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP's Wi-Fi module resulting in a denial-of-service condition.

Severity ?

No CVSS data available.

CWE

CWE-20 - Improper input validation write CWE-20

Assigner

icscert

References

URL

Tags

	http://www.securityfocus.com/bid/100354	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	BMC Medical	Luna CPAP Machine	Affected: all devices released prior to July 1, 2017.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:43:56.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100354"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Luna CPAP Machine",
          "vendor": "BMC Medical",
          "versions": [
            {
              "status": "affected",
              "version": "all devices released prior to July 1, 2017."
            }
          ]
        }
      ],
      "datePublic": "2017-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP\u0027s Wi-Fi module resulting in a denial-of-service condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper input validation write CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-18T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "100354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100354"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2017-08-15T00:00:00",
          "ID": "CVE-2017-12701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Luna CPAP Machine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all devices released prior to July 1, 2017."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "BMC Medical"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP\u0027s Wi-Fi module resulting in a denial-of-service condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper input validation write CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100354"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-12701",
    "datePublished": "2018-04-17T14:00:00Z",
    "dateReserved": "2017-08-09T00:00:00",
    "dateUpdated": "2024-09-17T02:27:16.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-22810

CVE-2017-12701 (GCVE-0-2017-12701)

Tags

Sightings

Nomenclature