GCVE - cpe:2.3:a:n/a:smiths_medical_medfusion_4000_wireless_syringe_infusion

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:smiths_medical_medfusion_4000_wireless_syringe_infusion_pump:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump (`bad90639-22e4-526a-854c-c55c3134cd6e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-12726`	vulnerable	2026-06-08 05:08:47.514810	Details available A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module. Published: 2018-02-15T10:00:00.000Z Updated: 2024-08-05T18:43:56.536Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A http://www.securityfocus.com/bid/100665	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12725`	vulnerable	2026-06-08 05:08:47.514442	Details available A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection. Published: 2018-02-15T10:00:00.000Z Updated: 2024-08-05T18:43:56.615Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A http://www.securityfocus.com/bid/100665	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12724`	vulnerable	2026-06-08 05:08:47.514058	Details available A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections. Published: 2018-02-15T10:00:00.000Z Updated: 2024-08-05T18:43:56.473Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A http://www.securityfocus.com/bid/100665	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12723`	vulnerable	2026-06-08 05:08:47.513693	Details available A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications. Published: 2018-02-15T10:00:00.000Z Updated: 2024-08-05T18:43:56.470Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A http://www.securityfocus.com/bid/100665	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12722`	vulnerable	2026-06-08 05:08:47.513319	Details available An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module. Published: 2018-02-15T10:00:00.000Z Updated: 2024-08-05T18:43:56.562Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A http://www.securityfocus.com/bid/101252 http://www.securityfocus.com/bid/100665	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12721`	vulnerable	2026-06-08 05:08:47.512917	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12720`	vulnerable	2026-06-08 05:08:47.512535	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12718`	vulnerable	2026-06-08 05:08:47.509055	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump

PURL mappings

Vulnerability references

Contribute