Vulnerability Details : CVE-2017-12720
An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.
Products affected by CVE-2017-12720
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A
Exploit prediction scoring system (EPSS) score for CVE-2017-12720
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12720
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2017-12720
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12720
-
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities (Update A) | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/100665
Medfusion 4000 Wireless Syringe Infusion Pump ICSMA-17-250-02 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Jump to