MidnightBSD

Advisories for smiths-medical

CVE-2016-8355 HIGH

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
smiths-medical cadd-solis_medication_safety_software 1.0
smiths-medical cadd-solis_medication_safety_software 3.1
smiths-medical cadd-solis_medication_safety_software 2.0
smiths-medical cadd-solis_medication_safety_software 3.0
CVE-2016-8358 MEDIUM

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,

Products Affected

Vendor Product Version
smiths-medical cadd-solis_medication_safety_software 1.0
smiths-medical cadd-solis_medication_safety_software 3.1
smiths-medical cadd-solis_medication_safety_software 2.0
smiths-medical cadd-solis_medication_safety_software 3.0
CVE-2017-12718 MEDIUM

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-119,

Products Affected

Vendor Product Version
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1
CVE-2017-12720 MEDIUM

An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1
CVE-2017-12721 MEDIUM

An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1
CVE-2017-12722 MEDIUM

An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1
CVE-2017-12723 MEDIUM

A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1
CVE-2017-12724 MEDIUM

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1
CVE-2017-12725 MEDIUM

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1
CVE-2017-12726 HIGH

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.6
smiths-medical medfusion_4000_wireless_syringe_infusion_pump 1.1