cbcvebase.

Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump vulnerabilities

8 known vulnerabilities affecting smiths-medical/medfusion_4000_wireless_syringe_infusion_pump.

Total CVEs
8
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2017-12718P2HIGHCVSS 8.1PoCv1.1v1.5+1 more2018-02-15
CVE-2017-12718 [HIGH] CWE-120 CVE-2017-12718: A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Inf A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially mali
nvd
CVE-2017-12720P3HIGHCVSS 8.1v1.1v1.5+1 more2018-02-15
CVE-2017-12720 [HIGH] CWE-306 CVE-2017-12720: An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe In An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.
nvd
CVE-2017-12724P3HIGHCVSS 8.1v1.1v1.5+1 more2018-02-15
CVE-2017-12724 [HIGH] CWE-798 CVE-2017-12724: A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syrin A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.
nvd
CVE-2017-12726P3HIGHCVSS 7.3v1.1v1.5+1 more2018-02-15
CVE-2017-12726 [HIGH] CWE-798 CVE-2017-12726: A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impa
nvd
CVE-2017-12725P4MEDIUMCVSS 5.6v1.1v1.5+1 more2018-02-15
CVE-2017-12725 [MEDIUM] CWE-798 CVE-2017-12725: A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syrin A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Et
nvd
CVE-2017-12721P4MEDIUMCVSS 5.9v1.1v1.5+1 more2018-02-15
CVE-2017-12721 [MEDIUM] CWE-295 CVE-2017-12721: An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Sy An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.
nvd
CVE-2017-12722P4MEDIUMCVSS 5.3v1.1v1.5+1 more2018-02-15
CVE-2017-12722 [MEDIUM] CWE-125 CVE-2017-12722: An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusio An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of t
nvd
CVE-2017-12723P4LOWCVSS 3.7v1.1v1.5+1 more2018-02-15
CVE-2017-12723 [LOW] CWE-200 CVE-2017-12723: A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syri A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.
nvd
Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump vulnerabilities | cvebase