Vulnerability CVE-2017-12721

Vulnerability CVE-2017-12721

Published: 2018-02-15

Description:

An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.

Type:

CWE-295

(Certificate Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Smiths-medical -> Medfusion 4000 wireless syringe infusion pump

References:

http://www.securityfocus.com/bid/100665

https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A

Copyright 2024, cxsecurity.com