CVE-2017-12724

HIGH

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1, 1.5, 1.6 - Use of Hard-coded Credentials in FTP Server


Description

A Use of Hard-coded Credentials issue was discovered in the Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Versions 1.1, 1.5, and 1.6. The FTP server on the pump contains hard-coded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.

References (2)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100665

Scores

CVSS v3 8.1
EPSS 0.0137
EPSS Percentile 68.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (3)
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.1
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.6
Published Feb 15, 2018
Tracked Since Feb 18, 2026