The U.S. Dept. of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team has released a warning over issues with Smiths Medical’s Medfusion 4000 wireless syringe infusion pump after discovering eight cybersecurity vulnerabilities in the device.
The notice is for versions 1.1, 1.5 and 1.6 Medfusion 4000 wireless syringe infusion pumps, according to the DHS notice.
Vulnerabilities include third party components which could cause crashes or allow remote code to be used on the devices – as well as issues with the device’s wireless and wired network configuration and credentials.
The DHS said that the vulnerabilities can be exploited remotely, though there have been no reports of anyone trying to exploit them.