8.1
CVE-2017-12720
- EPSS 1.89%
- Veröffentlicht 15.02.2018 10:29:00
- Zuletzt bearbeitet 21.11.2024 03:10:05
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginAn Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.89% | 0.768 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
http://www.securityfocus.com/bid/100665
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A