← Back

CVE-2017-12726

nvd nist
Published: Feb 15, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 / Impact: 3.4
Source: NVD

Description

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module.

Affected (3)

Smiths Medical
1 product
Medfusion 4000 Wireless Syringe Infusion Pump
Configuration A
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Smiths Medical
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.1
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.5
Medfusion 4000 Wireless Syringe Infusion Pump
Version 1.6
Running on/withPlatform Versions
Smiths Medical
Medfusion 4000 Wireless Syringe Infusion Pump
All versions

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.