Agilia Connect Firmware Security Vulnerabilities and Issues — Agilia Connect Firmware CVE List

Lucene search

Fresenius-kabiAgilia Connect Firmware

9 matches found

CVE•added 2022/01/21 7:15 p.m.•48 views

CVE-2021-23196

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.

9.8CVSS8.7AI score0.00173EPSS

CVE•added 2022/01/21 7:15 p.m.•45 views

CVE-2021-43355

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

9.8CVSS8.6AI score0.00085EPSS

CVE•added 2022/01/21 7:15 p.m.•44 views

CVE-2021-23233

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameter...

9.8CVSS8.6AI score0.00319EPSS

CVE•added 2022/01/21 7:15 p.m.•44 views

CVE-2021-31562

The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an enti...

9.1CVSS7.8AI score0.00088EPSS

CVE•added 2022/01/21 7:15 p.m.•41 views

CVE-2021-23195

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all ...

5.3CVSS5.7AI score0.00177EPSS

CVE•added 2022/01/21 7:15 p.m.•40 views

CVE-2021-44464

Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software.

8.8CVSS7.6AI score0.00181EPSS

CVE•added 2022/01/21 7:15 p.m.•38 views

CVE-2021-33846

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users.

7.2CVSS6.6AI score0.00045EPSS

CVE•added 2022/01/21 7:15 p.m.•38 views

CVE-2021-33848

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions...

6.1CVSS5.8AI score0.00171EPSS

CVE•added 2022/01/21 7:15 p.m.•33 views

CVE-2021-23236

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system.

7.8CVSS7.5AI score0.00205EPSS