A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100665 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/100665 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:10
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100665 - Third Party Advisory, VDB Entry | |
References | () https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A - Third Party Advisory, US Government Resource |
Information
Published : 2018-02-15 10:29
Updated : 2024-11-21 03:10
NVD link : CVE-2017-12724
Mitre link : CVE-2017-12724
CVE.ORG link : CVE-2017-12724
JSON object : View
Products Affected
smiths-medical
- medfusion_4000_wireless_syringe_infusion_pump
CWE
CWE-798
Use of Hard-coded Credentials