Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-12725
HistoryFeb 15, 2018 - 10:29 a.m.

CVE-2017-12725

2018-02-1510:29:00
CWE-798
[email protected]
web.nvd.nist.gov
3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

34.7%

JSON

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection.

Affected configurations

Nvd
Node
smiths-medicalmedfusion_4000_wireless_syringe_infusion_pumpMatch1.1
OR
smiths-medicalmedfusion_4000_wireless_syringe_infusion_pumpMatch1.5
OR
smiths-medicalmedfusion_4000_wireless_syringe_infusion_pumpMatch1.6
AND
smiths-medicalmedfusion_4000_wireless_syringe_infusion_pumpMatch-
VendorProductVersionCPE
smiths-medicalmedfusion_4000_wireless_syringe_infusion_pump1.1cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*
smiths-medicalmedfusion_4000_wireless_syringe_infusion_pump1.5cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*
smiths-medicalmedfusion_4000_wireless_syringe_infusion_pump1.6cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*
smiths-medicalmedfusion_4000_wireless_syringe_infusion_pump-cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*

Related

cve 1
cvelist 1
prion 1
thn 1
ics 1
cve
cve
CVE-2017-12725
2018-02-15 10:29:00
cvelist
cvelist
CVE-2017-12725
2018-02-15 10:00:00
prion
prion
Hardcoded credentials
2018-02-15 10:29:00
thn
thn
Hackers Can Remotely Access Syringe Infusion Pumps to Deliver Fatal Overdoses
2017-09-09 02:50:00
ics
ics
Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities (Update A)
2017-12-12 12:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

34.7%

JSON
Related for NVD:CVE-2017-12725
cve1cvelist1prion1thn1ics1