CVE-2017-12725

{"id": "CVE-2017-12725", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}]}, "published": "2018-02-15T10:29:00.523", "references": [{"url": "http://www.securityfocus.com/bid/100665", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection."}, {"lang": "es", "value": "Se ha descubierto un problema de uso de credenciales embebidas en Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, en versiones 1.1, 1.5 y 1.6. La bomba con configuraci\u00f3n de red por defecto emplea credenciales embebidas para establecer autom\u00e1ticamente una conexi\u00f3n de red inal\u00e1mbrica. La bomba establecer\u00e1 una conexi\u00f3n de red inal\u00e1mbrica incluso aunque la bomba est\u00e9 conectada por Ethernet y activa. Sin embargo, si se establece la asociaci\u00f3n inal\u00e1mbrica y el cable de Ethernet est\u00e1 conectado, la bomba no conecta la pila de red a la red inal\u00e1mbrica. En este caso, todo el tr\u00e1fico de red se dirige a trav\u00e9s de la conexi\u00f3n de Ethernet cableada."}], "lastModified": "2018-03-02T14:40:15.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9DB2BFA-A772-4A90-B79B-D6FB2090A63C"}, {"criteria": "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC867D0F-2FF0-4E99-87FF-84A873F56341"}, {"criteria": "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "048B188C-D620-42EE-84D5-61C3F03F7FAA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9874E6FE-4025-484B-A7D4-62824A299ECA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}