Authentication flaw

2022-01-2119:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.

CPENameOperatorVersion
agilia_connect_firmwareeq<= d25
agilia_partner_maintenance_softwarele3.3.0
link\\+_agilia_firmwarelt3.0
link\\+_agilia_firmwareeq3.0
link\\+_agilia_firmwareeq3.0 d15
vigilant_centeriumeq1.0
vigilant_insighteq1.0
vigilant_mastermedeq1.0

Name	Operator	Version
agilia_connect_firmware	eq	<= d25
agilia_partner_maintenance_software	le	3.3.0
link\\+_agilia_firmware	lt	3.0
link\\+_agilia_firmware	eq	3.0
link\\+_agilia_firmware	eq	3.0 d15
vigilant_centerium	eq	1.0
vigilant_insight	eq	1.0
vigilant_mastermed	eq	1.0

References

www.cisa.gov/uscert/ics/advisories/icsma-21-355-01