CVE-2017-12724

Name of the Vulnerable Software and Affected Versions: Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump versions 1.1, 1.5, and 1.6

Description: A Use of Hard-coded Credentials issue was discovered in the FTP server of the pump, where the credentials are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.

Recommendations: For version 1.1, update the configuration to disable FTP connections until a fix is available. For version 1.5, restrict access to the FTP server to minimize the risk of exploitation. For version 1.6, consider disabling the FTP server functionality until a patch is available.