How severe is CVE-2017-12725?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2017-12725?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2017-12725 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection.

Related Vulnerabilities

CVE-2021-38969

MEDIUM

CVSS:5.6(Medium)

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.

CWE-7982021

CVE-2018-1650

MEDIUM

CVSS:5.5(Medium)

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.

CWE-7982018

CVE-2019-16150

MEDIUM

CVSS:5.5(Medium)

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local sto...

CWE-7982019

CVE-2019-5106

MEDIUM

CVSS:5.5(Medium)

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway ...

CWE-7982019

CVE-2020-11723

MEDIUM

CVSS:5.5(Medium)

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when perform...

CWE-7982020

CVE-2020-12376

MEDIUM

CVSS:5.5(Medium)

Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclos...

CWE-7982020