CVE-2017-12723
low-risk
Published 2018-02-15
A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.
Do I need to act?
-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10
Low
NETWORK
/ HIGH complexity
Affected Products (3)
Medfusion 4000 Wireless Syringe Infusion Pump
Medfusion 4000 Wireless Syringe Infusion Pump
Medfusion 4000 Wireless Syringe Infusion Pump
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/100665
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Third Party Advisory
http://www.securityfocus.com/bid/100665
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
23
/ 100
low-risk
Severity
13/34 · Low
Exploitability
1/34 · Minimal
Exposure
9/34 · Low