Vulnerability Details : CVE-2017-12721
An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.
Exploit prediction scoring system (EPSS) score for CVE-2017-12721
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 28 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-12721
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2017-12721
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12721
-
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities (Update A) | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/100665
Medfusion 4000 Wireless Syringe Infusion Pump ICSMA-17-250-02 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2017-12721
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A