Lucene search

[email protected]CVE-2021-23236

HistoryJan 21, 2022 - 7:15 p.m.

CVE-2021-23236

2022-01-2119:15:00

CWE-400

[email protected]

web.nvd.nist.gov

cve-2021-23236

fresenius kabi agilia link+

device security

vulnerability

hard reset

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

36.4%

JSON

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system.

CPENameOperatorVersion
fresenius-kabi:vigilant_centeriumfresenius-kabi vigilant centeriumeq1.0
fresenius-kabi:vigilant_mastermedfresenius-kabi vigilant mastermedeq1.0
fresenius-kabi:vigilant_insightfresenius-kabi vigilant insighteq1.0
fresenius-kabi:agilia_partner_maintenance_softwarefresenius-kabi agilia partner maintenance softwarele3.3.0
fresenius-kabi:agilia_connect_firmwarefresenius-kabi agilia connect firmwareled25
fresenius-kabi:link\+_agilia_firmwarefresenius-kabi link\+ agilia firmwarelt3.0

CPE	Name	Operator	Version
fresenius-kabi:vigilant_centerium	fresenius-kabi vigilant centerium	eq	1.0
fresenius-kabi:vigilant_mastermed	fresenius-kabi vigilant mastermed	eq	1.0
fresenius-kabi:vigilant_insight	fresenius-kabi vigilant insight	eq	1.0
fresenius-kabi:agilia_partner_maintenance_software	fresenius-kabi agilia partner maintenance software	le	3.3.0
fresenius-kabi:agilia_connect_firmware	fresenius-kabi agilia connect firmware	le	d25
fresenius-kabi:link\+_agilia_firmware	fresenius-kabi link\+ agilia firmware	lt	3.0

References

www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for CVE-2021-23236

prion1 cnvd1 cvelist1 ics1