Описание
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*
cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*
cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*
cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00459
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.
EPSS
Процентиль: 64%
0.00459
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-798