Smiths-medical

Medfusion 4000 Wireless Syringe Infusion Pump

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2017-12718

  • EPSS 25.77%
  • Veröffentlicht 15.02.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:10:05

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffe...

8.1

CVE-2017-12720

  • EPSS 1.23%
  • Veröffentlicht 15.02.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:10:05

An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.

5.9

CVE-2017-12721

  • EPSS 0.13%
  • Veröffentlicht 15.02.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:10:05

An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM...

5.3

CVE-2017-12722

  • EPSS 0.85%
  • Veröffentlicht 15.02.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:10:05

An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Sm...

4.3

CVE-2017-12723

  • EPSS 0.18%
  • Veröffentlicht 15.02.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:10:05

A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured...

8.1

CVE-2017-12724

  • EPSS 0.46%
  • Veröffentlicht 15.02.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:10:06

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP serve...

6.8

CVE-2017-12725

  • EPSS 0.18%
  • Veröffentlicht 15.02.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:10:06

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wire...

7.5

CVE-2017-12726

  • EPSS 0.22%
  • Veröffentlicht 15.02.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:10:06

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external...