Vulnerability Details : CVE-2017-12723
A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2017-12723
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-12723
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
3.7
|
LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
2.2
|
1.4
|
NIST |
CWE ids for CVE-2017-12723
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12723
-
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities (Update A) | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/100665
Medfusion 4000 Wireless Syringe Infusion Pump ICSMA-17-250-02 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2017-12723
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A
- cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*When used together with: Smiths-medical » Medfusion 4000 Wireless Syringe Infusion Pump » Version: N/A