A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection.
Published 2018-02-15 10:29:01
Updated 2018-03-02 14:40:15
Source ICS-CERT
View at NVD,   CVE.org

Products affected by CVE-2017-12725

Exploit prediction scoring system (EPSS) score for CVE-2017-12725

0.07%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-12725

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.8
MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
NIST
5.6
MEDIUM CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2.2
3.4
NIST

CWE ids for CVE-2017-12725

References for CVE-2017-12725

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!