CVE-2017-12726

Name of the Vulnerable Software and Affected Versions: Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump versions 1.1, 1.5, 1.6

Description: A Use of Hard-coded Password issue was discovered, where Telnet on the pump uses hardcoded credentials. This can be exploited if the pump is configured to allow external communications. The impact of this issue is limited to the communications module, as it is not possible to upload files via Telnet.

Recommendations: For versions 1.1, 1.5, and 1.6, consider restricting access to the Telnet service to minimize the risk of exploitation, as the hardcoded credentials can be used if the pump allows external communications.