CVE-2017-12723 Information

Feb 14, 2021 cve

Description

A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Version 1.1 1.5 and 1.6. The pump stores some passwords in the configuration file which are accessible if the pump is configured to allow external communications.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/100665 https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.7

Share on: