Design/Logic Flaw

2022-01-2119:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.6%

JSON

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.

CPENameOperatorVersion
agilia_connect_firmwareeq<= d25
agilia_partner_maintenance_softwarele3.3.0
link\\+_agilia_firmwarelt3.0
link\\+_agilia_firmwareeq3.0
link\\+_agilia_firmwareeq3.0 d15
vigilant_centeriumeq1.0
vigilant_insighteq1.0
vigilant_mastermedeq1.0

Name	Operator	Version
agilia_connect_firmware	eq	<= d25
agilia_partner_maintenance_software	le	3.3.0
link\\+_agilia_firmware	lt	3.0
link\\+_agilia_firmware	eq	3.0
link\\+_agilia_firmware	eq	3.0 d15
vigilant_centerium	eq	1.0
vigilant_insight	eq	1.0
vigilant_mastermed	eq	1.0

References

www.cisa.gov/uscert/ics/advisories/icsma-21-355-01