CVE-2017-12723

A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.
References
Link Resource
http://www.securityfocus.com/bid/100665 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*
cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*
cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*
cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-15 10:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-12723

Mitre link : CVE-2017-12723

CVE.ORG link : CVE-2017-12723


JSON object : View

Products Affected

smiths-medical

  • medfusion_4000_wireless_syringe_infusion_pump
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor