VAR-201802-0478

Vulnerability from variot - Updated: 2023-12-18 12:19

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.

MQX RTOS, provided by NXP Semiconductors, has multiple vulnerabilities:

  • Buffer overflow (CWE-120) - CVE-2017-12718: In the RTCS DHCP client of MQX version 5.0, the length of the data for DHCP options 66 and 67 is not checked correctly. A remote third party who sends a DHCP packet with crafted data in these options can cause a buffer overflow and execute arbitrary code.
  • Out-of-bounds read (CWE-125) - CVE-2017-12722: The DNS client in MQX version 4.1 and earlier does not properly handle the size of a malformed DNS packet, and an out-of-bounds memory reference occurs. A remote third party who sends a crafted DNS packet can cause an out-of-bounds memory reference and disrupt service operation (DoS).

The expected impact depends on each vulnerability:

  • A remote third party who sends a crafted DHCP packet can execute arbitrary code with system privileges. - CVE-2017-12718
  • A remote third party who sends a crafted DNS packet can cause service disruption (DoS). - CVE-2017-12722

1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities

Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device.

Attackers can exploit these issues to crash the application, resulting in a denial-of-service condition. The vulnerability is caused by the program not checking the size of the input buffer.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0478",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "medfusion 4000 wireless syringe infusion pump",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "smiths medical",
        "version": "1.6"
      },
      {
        "model": "medfusion 4000 wireless syringe infusion pump",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "smiths medical",
        "version": "1.5"
      },
      {
        "model": "medfusion 4000 wireless syringe infusion pump",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "smiths medical",
        "version": "1.1"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nxp semiconductors",
        "version": null
      },
      {
        "model": "mqx real-time operating system",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nxp semiconductors",
        "version": "version 4.1   (cve-2017-12722)"
      },
      {
        "model": "mqx real-time operating system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nxp semiconductors",
        "version": "version 5.0 (cve-2017-12718)"
      },
      {
        "model": "medical medfusion wireless syringe infusion pump",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "smiths",
        "version": "40001.1"
      },
      {
        "model": "medical medfusion wireless syringe infusion pump",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "smiths",
        "version": "40001.5"
      },
      {
        "model": "medical medfusion wireless syringe infusion pump",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "smiths",
        "version": "40001.6"
      },
      {
        "model": "medfusion wireless syringe infusion pump",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smiths medical",
        "version": "40001.6"
      },
      {
        "model": "medfusion wireless syringe infusion pump",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smiths medical",
        "version": "40001.5"
      },
      {
        "model": "medfusion wireless syringe infusion pump",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smiths medical",
        "version": "40001.1"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "3.8"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "3.7"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "3.6"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "3.5"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "3.4"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "3.3"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "3.2"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "3.1"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "5.0"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "4.2"
      },
      {
        "model": "semiconductors mqx rtos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nxp",
        "version": "4.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "medfusion 4000 syringe infusion pump",
        "version": "1.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "medfusion 4000 syringe infusion pump",
        "version": "1.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "medfusion 4000 syringe infusion pump",
        "version": "1.6"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "CERT/CC",
        "id": "VU#590639"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "db": "BID",
        "id": "100665"
      },
      {
        "db": "BID",
        "id": "101252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12718"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Scott Gayou",
    "sources": [
      {
        "db": "BID",
        "id": "100665"
      },
      {
        "db": "BID",
        "id": "101252"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ],
    "trust": 1.2
  },
  "cve": "CVE-2017-12718",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2017-25723",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-103268",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12718",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-25723",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-519",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-103268",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103268"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation. NXP Semiconductors Provided by MQX RTOS Has multiple vulnerabilities. Buffer overflow (CWE-120) - CVE-2017-12718 MQX version 5.0 of RTCS DHCP On the client, DHCP option 66 and 67 The data length check corresponding to is not performed correctly. A remote third party crafted these data items DHCP Sending a packet can cause a buffer overflow and execute arbitrary code. Read out of bounds (CWE-125) - CVE-2017-12722 MQX version 4.1 And earlier DNS The client is illegal DNS The packet size cannot be handled properly and an out-of-region memory reference occurs. Remote third party crafted DNS Sending a packet causes an out-of-region memory reference and disrupts service operation ( DoS ) Is possible.The expected impact depends on each vulnerability, but can be affected as follows: * * Crafted by a remote third party DHCP By sending a packet, arbitrary code is executed with system privileges. - CVE-2017-12718 * * Crafted by a remote third party DNS By sending a packet, service disruption ( DoS ) - CVE-2017-12722. A buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. An access-bypass vulnerability\n4. Multiple security-bypass vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. \nAttackers can exploit these issues to crash the application, resulting in a denial-of-service condition. The vulnerability is caused by the program not checking the size of the input buffer",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12718"
      },
      {
        "db": "CERT/CC",
        "id": "VU#590639"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "db": "BID",
        "id": "100665"
      },
      {
        "db": "BID",
        "id": "101252"
      },
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103268"
      }
    ],
    "trust": 3.69
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-103268",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-103268"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12718",
        "trust": 3.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-17-250-02A",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "100665",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "101252",
        "trust": 2.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#590639",
        "trust": 1.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43776",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-285-04",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519",
        "trust": 0.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-17-250-02",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-285-04A",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96796469",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010586",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "5166B119-87ED-4DF9-B95B-46E0EAFE6D6A",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "145971",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-103268",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "CERT/CC",
        "id": "VU#590639"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103268"
      },
      {
        "db": "BID",
        "id": "100665"
      },
      {
        "db": "BID",
        "id": "101252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ]
  },
  "id": "VAR-201802-0478",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103268"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:07.503000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MQX Real-Time Operating System (RTOS)",
        "trust": 0.8,
        "url": "https://www.nxp.com/support/developer-resources/run-time-software/mqx-software-solutions/mqx-real-time-operating-system-rtos:mqxrtos?fsrch=1\u0026sr=1\u0026pagenum=1"
      },
      {
        "title": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Patch Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/101786"
      },
      {
        "title": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100042"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-125",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-120",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-103268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12718"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-17-250-02a"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/100665"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/101252"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/43776/"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-285-04"
      },
      {
        "trust": 1.1,
        "url": "https://www.kb.cert.org/vuls/id/590639"
      },
      {
        "trust": 0.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-17-250-02"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/120.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/sgayou/medfusion-4000-research/blob/master/doc/readme.md"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12718"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12722"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-285-04a"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu96796469/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12722"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12718"
      },
      {
        "trust": 0.3,
        "url": "https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump"
      },
      {
        "trust": 0.3,
        "url": "https://www.nxp.com/support/developer-resources/run-time-software/mqx-software-solutions/mqx-real-time-operating-system-rtos:mqxrtos?fsrch=1\u0026sr=1\u0026pagenum=1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#590639"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103268"
      },
      {
        "db": "BID",
        "id": "100665"
      },
      {
        "db": "BID",
        "id": "101252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "CERT/CC",
        "id": "VU#590639"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103268"
      },
      {
        "db": "BID",
        "id": "100665"
      },
      {
        "db": "BID",
        "id": "101252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-08T00:00:00",
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#590639"
      },
      {
        "date": "2017-09-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "date": "2018-02-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-103268"
      },
      {
        "date": "2017-09-07T00:00:00",
        "db": "BID",
        "id": "100665"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "BID",
        "id": "101252"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "date": "2018-02-15T10:29:00.227000",
        "db": "NVD",
        "id": "CVE-2017-12718"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#590639"
      },
      {
        "date": "2017-09-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-103268"
      },
      {
        "date": "2017-09-07T00:00:00",
        "db": "BID",
        "id": "100665"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "BID",
        "id": "101252"
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010586"
      },
      {
        "date": "2019-10-09T23:23:11.937000",
        "db": "NVD",
        "id": "CVE-2017-12718"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "100665"
      },
      {
        "db": "BID",
        "id": "101252"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-25723"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "5166b119-87ed-4df9-b95b-46e0eafe6d6a"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-519"
      }
    ],
    "trust": 0.8
  }
}

