116 matches found
EUVD-2014-5322
Malware in sbrugna...
EUVD-2015-3989
Malware in sbrugna...
EUVD-2014-5319
Malware in sbrugna...
EUVD-2015-3984
Malware in sbrugna...
EUVD-2015-3988
Malware in sbrugna...
EUVD-2014-5294
Malware in sbrugna...
EUVD-2015-1155
Malware in sbrugna...
EUVD-2015-3996
Malware in sbrugna...
EUVD-2015-1156
Malware in sbrugna...
CVE-2020-12040
Sigma Spectrum Infusion System Versions 6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...
CVE-2023-30561 Lack of Cryptographic Security of IUI Bus
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running...
CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...
CVE-2021-33848 Fresenius Kabi Agilia Connect Infusion System cross site scripting
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions...
CVE-2021-44464 Fresenius Kabi Agilia Connect Infusion System hard coded credentials
Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...
CVE-2021-33843 Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external parties
Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings...
CVE-2021-31562 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an...
CVE-2021-23207 Fresenius Kabi Agilia Connect Infusion System plaintext storage of a password
An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating user...
CVE-2021-23195 Fresenius Kabi Agilia Connect Infusion System exposure of information through directory listing
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...
CVE-2021-33846 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...