CVE-2017-12723
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
15/02/2018
Last modified:
02/03/2018
Description
A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.
Impact
Base Score 3.x
3.70
Severity 3.x
LOW
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page