CVE-2017-12718

Name of the Vulnerable Software and Affected Versions: Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump versions 1.1, 1.5, and 1.6

Description: A buffer overflow issue was discovered in the pump due to a third-party component not verifying input buffer size prior to copying, leading to a buffer overflow and allowing remote code execution on the target device. The pump receives potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.

Recommendations: For version 1.1, update the third-party component to a version that verifies input buffer size prior to copying. For version 1.5, update the third-party component to a version that verifies input buffer size prior to copying. For version 1.6, update the third-party component to a version that verifies input buffer size prior to copying.