CVE-2017-12726

HIGH Year: 2017
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-798
View all →

Vulnerability Description

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module.

Related Vulnerabilities

CVE-2017-9956

HIGH
CVSS:7.3(High)

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use th...

CWE-7982017

CVE-2018-10813

HIGH
CVSS:7.3(High)

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of ...

CWE-7982018

CVE-2018-10966

HIGH
CVSS:7.3(High)

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contai...

CWE-7982018

CVE-2018-15360

HIGH
CVSS:7.3(High)

An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.

CWE-7982018

CVE-2019-7279

HIGH
CVSS:7.3(High)

Optergy Proton/Enterprise devices have Hard-coded Credentials.

CWE-7982019

CVE-2021-21979

HIGH
CVSS:7.3(High)

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env i...

CWE-7982021