Lucene search

[email protected]CVE-2017-12723

HistoryFeb 15, 2018 - 10:29 a.m.

CVE-2017-12723

2018-02-1510:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2017-12723

information security

configuration file

password

smiths medical

medfusion 4000

syringe infusion pump

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.

Affected configurations

NVD

Node

smiths-medicalmedfusion_4000_wireless_syringe_infusion_pumpMatch1.1

smiths-medicalmedfusion_4000_wireless_syringe_infusion_pumpMatch1.5

smiths-medicalmedfusion_4000_wireless_syringe_infusion_pumpMatch1.6

AND

smiths-medicalmedfusion_4000_wireless_syringe_infusion_pumpMatch-

CPENameOperatorVersion
smiths-medical:medfusion_4000_wireless_syringe_infusion_pumpsmiths-medical medfusion 4000 wireless syringe infusion pumpeq1.1
smiths-medical:medfusion_4000_wireless_syringe_infusion_pumpsmiths-medical medfusion 4000 wireless syringe infusion pumpeq1.5
smiths-medical:medfusion_4000_wireless_syringe_infusion_pumpsmiths-medical medfusion 4000 wireless syringe infusion pumpeq1.6

CPE	Name	Operator	Version
smiths-medical:medfusion_4000_wireless_syringe_infusion_pump	smiths-medical medfusion 4000 wireless syringe infusion pump	eq	1.1
smiths-medical:medfusion_4000_wireless_syringe_infusion_pump	smiths-medical medfusion 4000 wireless syringe infusion pump	eq	1.5
smiths-medical:medfusion_4000_wireless_syringe_infusion_pump	smiths-medical medfusion 4000 wireless syringe infusion pump	eq	1.6

CNA Affected

[
  {
    "product": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100665

ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

Related for CVE-2017-12723

prion1 nvd1 cvelist1 ics1