HIGH🇵🇱 Wersja polska

CVE-2021-41835

CVSS 7.3v3.1pub. 2022-01-21upd. 2024-11-21

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Fresenius Kabi Agilia Connect

    OS
    Fresenius-Kabi
    ≤ d25
  • Fresenius Kabi Agilia Partner Maintenance Software

    APP
    Fresenius-Kabi
    ≤ 3.3.0
  • Fresenius Kabi Link\+ Agilia

    HW
    Fresenius-Kabi
    wszystkie wersje
  • Fresenius Kabi Link\+ Agilia Firmware

    OS
    Fresenius-Kabi
    3.0< 3.0
  • Fresenius Kabi Vigilant Centerium

    APP
    Fresenius-Kabi
    1.0
  • Fresenius Kabi Vigilant Insight

    APP
    Fresenius-Kabi
    1.0
  • Fresenius Kabi Vigilant Mastermed

    APP
    Fresenius-Kabi
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-23233HIGH7.3ten sam produkt

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication i...

CVE-2021-23236HIGH7.5ten sam produkt

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Li...

CVE-2021-43355HIGH7.3ten sam produkt

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated...

CVE-2021-23196HIGH7.3ten sam produkt

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms ex...

CVE-2021-33848MEDIUM5.4ten sam produkt

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-...