CVE-2017-12723

Name of the Vulnerable Software and Affected Versions: Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump versions 1.1, 1.5, and 1.6

Description: A Password in Configuration File issue was discovered, where the pump stores some passwords in the configuration file. These passwords are accessible if the pump is configured to allow external communications.

Recommendations: For version 1.1, restrict access to the configuration file to minimize the risk of exploitation. For version 1.5, consider disabling external communications until a fix is available. For version 1.6, avoid using the pump with external communications enabled until the issue is resolved.