CVE-2017-12721

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-12721

CWE

https://cwe.mitre.org/data/definitions/295.html

An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name	Vendor	Start Version	End Version
Medfusion_4000_wireless_syringe_infusion_pump	Smiths-medical	1.1 (including)	1.1 (including)
Medfusion_4000_wireless_syringe_infusion_pump	Smiths-medical	1.5 (including)	1.5 (including)
Medfusion_4000_wireless_syringe_infusion_pump	Smiths-medical	1.6 (including)	1.6 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/475.html

References

http://www.securityfocus.com/bid/100665
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
http://www.securityfocus.com/bid/100665
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A

Improper Certificate Validation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References