PT-2018-5453 · Smiths Medical · Medfusion 4000 Wireless Syringe Infusion Pump
Published: 2018-02-15 · Updated: 2018-03-02
CVE-2017-12725
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump versions 1.1, 1.5, and 1.6
Description:
A Use of Hard-coded Credentials issue was discovered in the pump, where it uses hard-coded credentials to automatically establish a wireless network connection with its default network configuration. The pump will establish this connection even if it is connected and active via Ethernet. However, if the wireless association is established and the Ethernet cable is then attached, the pump directs all network traffic over the wired Ethernet connection instead.
Recommendations:
For version 1.1, update the network configuration to avoid using hard-coded credentials.
For version 1.5, change the default network settings to prevent automatic wireless network connections.
For version 1.6, modify the pump's settings to prioritize Ethernet connections over wireless when both are available.
Fix
Using Hardcoded Credentials
Affected Products
Medfusion 4000 Wireless Syringe Infusion Pump