CVE-2017-12723

LOW

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1, 1.5, 1.6 - Password Exposure in Configuration File

Title source: llm
STIX 2.1

Description

A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100665

Scores

CVSS v3 3.7
EPSS 0.0099
EPSS Percentile 58.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (3)
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.1
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.6
Published Feb 15, 2018
Tracked Since Feb 18, 2026