Vulnerability Description
Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fresenius-Kabi | Agilia Partner Maintenance Software | <= 3.3.0 |
| Fresenius-Kabi | Vigilant Centerium | 1.0 |
| Fresenius-Kabi | Vigilant Insight | 1.0 |
| Fresenius-Kabi | Vigilant Mastermed | 1.0 |
| Fresenius-Kabi | Agilia Connect Firmware | <= d25 |
| Fresenius-Kabi | Agilia Connect | - |
| Fresenius-Kabi | Link\+ Agilia Firmware | < 3.0 |
| Fresenius-Kabi | Link\+ Agilia | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-23233?
CVE-2021-23233 is a vulnerability with a CVSS score of 7.3 (HIGH). Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoint...
How severe is CVE-2021-23233?
CVE-2021-23233 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23233?
Check the references section above for vendor advisories and patch information. Affected products include: Fresenius-Kabi Agilia Partner Maintenance Software, Fresenius-Kabi Vigilant Centerium, Fresenius-Kabi Vigilant Insight, Fresenius-Kabi Vigilant Mastermed, Fresenius-Kabi Agilia Connect Firmware.