Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01 | Third Party Advisory US Government Resource |
History
21 Nov 2024, 05:51
Type | Values Removed | Values Added |
---|---|---|
References | https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01 - Third Party Advisory, US Government Resource | |
CVSS | v2 : v3 : | v2 : 7.5 v3 : 7.3 |
Information
Published : 2022-01-21 19:15
Updated : 2024-11-21 05:51
NVD link : CVE-2021-23233
Mitre link : CVE-2021-23233
CVE.ORG link : CVE-2021-23233
Products Affected
fresenius-kabi
- agilia_connect
- vigilant_mastermed
- link\+_agilia_firmware
- link\+_agilia
- vigilant_insight
- agilia_connect_firmware
- vigilant_centerium
- agilia_partner_maintenance_software