PT-2018-5448 · Smiths Medical · Medfusion 4000 Wireless Syringe Infusion Pump

Published

2018-02-15

Updated

2019-10-03

CVE-2017-12720

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump versions 1.1, 1.5, and 1.6

Description: An issue with improper access control was found. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.

Recommendations: For version 1.1, consider disabling FTP connections until a fix is available. For version 1.5, restrict access to the FTP server to minimize the risk of exploitation. For version 1.6, avoid using the FTP server until the issue is resolved.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2017-12720

Affected Products

Medfusion 4000 Wireless Syringe Infusion Pump

PT-2018-5448 · Smiths Medical · Medfusion 4000 Wireless Syringe Infusion Pump

CVE-2017-12720

Weakness Enumeration

Related Identifiers

Affected Products

References · 4