24 matches found
CVE-2021-41835
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port...
EUVD-2021-10333
Malware in sbrugna...
EUVD-2021-10335
Malware in sbrugna...
CVE-2021-23236
Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system...
CVE-2021-23196
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...
CVE-2021-31562
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an...
CVE-2021-23196
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...
CVE-2021-23196
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...
CVE-2021-23236
Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system...
CVE-2021-23236
Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system...
CVE-2021-31562
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an...
Hardcoded credentials
Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system...
Code injection
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port...
Authentication flaw
Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration...
CVE-2021-41835 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port...
CVE-2021-41835 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port...
CVE-2021-41835
CVE-2021-41835 affects Fresenius Kabi Agilia Link+ and related components in Agilia Connect Infusion System. The root issue is failure to enforce transport-layer encryption: data may traverse plaintext, with TLS offered on port 443 but no automatic redirect from unencrypted port 80 to 443. The vu...
CVE-2021-31562
CVE-2021-31562 affects Fresenius Kabi Agilia Link+ (v3.0) due to weak SSL/TLS configuration (broken/risky cryptographic algorithm). Vulnerable component: SSL/TLS configuration on Agilia Link+; impact includes eavesdropping, data manipulation, and impersonation of entities. Mitigation from the ICS...
CVE-2021-23233
CVE-2021-23233 affects Fresenius Kabi Agilia Link+ v3.0 and earlier. It is an improper access control vulnerability allowing unauthenticated clients to reach sensitive endpoints and perform actions or modify configuration parameters. The issue is documented in multiple sources (ICS advisory and R...
CVE-2021-23196 Fresenius Kabi Agilia Connect Infusion System insufficiently protected credentials
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...