Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

medfusion 4000 wireless syringe infusion pump vulnerabilities and exploits

(subscribe to this query)
8.1
CVSSv3
CVE-2017-12718
A Classic Buffer Overflow issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execu...
Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.5Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.6
8.1
CVSSv3
CVE-2017-12720
An Improper Access Control issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.
Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.6Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.5
5.9
CVSSv3
CVE-2017-12721
An Improper Certificate Validation issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.
Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.5Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.6
3.7
CVSSv3
CVE-2017-12723
A Password in Configuration File issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.
Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.6Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.5
8.1
CVSSv3
CVE-2017-12724
A Use of Hard-coded Credentials issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is co...
Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.6Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.5
7.3
CVSSv3
CVE-2017-12726
A Use of Hard-coded Password issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assess...
Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.6Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.5
5.6
CVSSv3
CVE-2017-12725
A Use of Hard-coded Credentials issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will...
Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.6Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.5
5.3
CVSSv3
CVE-2017-12722
An Out-of-bounds Read issue exists in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash o...
Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.5Smiths-medical Medfusion 4000 Wireless Syringe Infusion Pump 1.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook