PT-2022-10291 · Fresenius Kabi · Fresenius Kabi Agilia Link ++1
Published
2022-01-21
·
Updated
2022-10-27
·
CVE-2021-33843
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Fresenius Kabi Agilia SP MC WiFi versions prior to vD25
Fresenius Kabi Agilia Link + version 3.0
Description
The issue concerns a default configuration page that is accessible without authentication. An attacker may exploit this to change exposed configuration values, such as network settings.
Recommendations
For Fresenius Kabi Agilia SP MC WiFi versions prior to vD25, update to a version newer than vD25 to resolve the issue.
For Fresenius Kabi Agilia Link + version 3.0, consider restricting access to the configuration page until a patch is available.
Fix
Missing Authentication
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Fresenius Kabi Agilia Link +
Fresenius Kabi Agilia Sp Mc Wifi