← Back

CVE-2017-12721

nvd nist
Published: Feb 15, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.

Affected (3)

Smiths Medical
1 product
Medfusion 4000 Wireless Syringe Infusion Pump
Configuration A
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Smiths Medical
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.1
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.5
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.6
Running on/withPlatform Versions
Smiths Medical
Medfusion 4000 Wireless Syringe Infusion Pump
All versions

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.