Code injection

2022-01-2119:15:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service.

CPENameOperatorVersion
agilia_connecteq<= d25
agilia_partner_maintenance_softwarele3.3.0
link\\+_agilia_firmwarelt3.0
link\\+_agilia_firmwareeq3.0
link\\+_agilia_firmwareeq3.0 d15
vigilant_centeriumeq1.0
vigilant_insighteq1.0
vigilant_mastermedeq1.0

Name	Operator	Version
agilia_connect	eq	<= d25
agilia_partner_maintenance_software	le	3.3.0
link\\+_agilia_firmware	lt	3.0
link\\+_agilia_firmware	eq	3.0
link\\+_agilia_firmware	eq	3.0 d15
vigilant_centerium	eq	1.0
vigilant_insight	eq	1.0
vigilant_mastermed	eq	1.0

References

www.cisa.gov/uscert/ics/advisories/icsma-21-355-01