← Back

CVE-2017-12720

nvd nist
Published: Feb 15, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.

Affected (3)

Smiths Medical
1 product
Medfusion 4000 Wireless Syringe Infusion Pump
Configuration A
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Smiths Medical
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.1
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.5
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.6
Running on/withPlatform Versions
Smiths Medical
Medfusion 4000 Wireless Syringe Infusion Pump
All versions

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.