← Back

CVE-2021-23233

nvd nist
Published: Jan 21, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.

Affected (8)

Fresenius Kabi
6 products
Agilia Partner Maintenance Software
Vigilant Centerium
Vigilant Insight
Vigilant Mastermed
Agilia Connect Firmware
Link+ Agilia Firmware
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Agilia Partner Maintenance Software
Up to 3.3.0
Vigilant Centerium
Version 1.0
Vigilant Insight
Version 1.0
Vigilant Mastermed
Version 1.0
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Agilia Connect Firmware
Up to d25
Running on/withPlatform Versions
Fresenius Kabi
Agilia Connect
All versions
Configuration C
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fresenius Kabi
Link+ Agilia Firmware
Before 3.0
Link+ Agilia Firmware
Version 3.0
Link+ Agilia Firmware
Version 3.0 d15
Running on/withPlatform Versions
Fresenius Kabi
Link+ Agilia
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.