ICSMA-17-250-02A · Published 2017-12-12 · View on CISA ICS-CERT ↗

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities (Update A)

CVSS 3.7 LOW

Risk Summary

This updated advisory is a follow-up to the original advisory titled ICSMA-17-250-02 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities that was published September 7, 2017, on the NCCIC/ICS-CERT web site.

CVEs (8)

CVE-2017-12718 CVE-2017-12722 CVE-2017-12725 CVE-2017-12720 CVE-2017-12724 CVE-2017-12726 CVE-2017-12721 CVE-2017-12723

Remediations

Smiths Medical has released update Version 1.6.1 to mitigate the vulnerabilities in the Medfusion 4000 Wireless Syringe Infusion Pump.
Smiths Medical recommends users apply the following defensive measures:
For additional information about the vulnerabilities, proposed measures, or obtaining the product fix, contact Smiths Medical Technical Support at:
Tel: +1 (800) 258 5361 or +01 614 210 7300
Online: https://smiths-medical.custhelp.com/
Email: [email protected]
[email protected]
ICS-CERT also provides a section for security recommended practices on the ICS-CERT web page athttp://ics-cert.us-cert.gov/content/recommended-practices.

Affected Vendors

Smiths Medical

Affected Products (3)

Smiths Medical · Medfusion 4000 Wireless Syringe Infusion Pump 1.1

Smiths Medical · Medfusion 4000 Wireless Syringe Infusion Pump 1.6

Smiths Medical · Medfusion 4000 Wireless Syringe Infusion Pump 1.5

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more