CVE-2017-12723
LOWSmiths Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1, 1.5, 1.6 - Password Exposure in Configuration File
Title source: llmDescription
A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100665
Scores
CVSS v3
3.7
EPSS
0.0099
EPSS Percentile
58.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump
1.1
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump
1.5
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump
1.6
Published
Feb 15, 2018
Tracked Since
Feb 18, 2026