CVE-2021-23195

MEDIUM

Fresenius Kabi Vigilant Software Suite - Info Disclosure

Title source: llm

Description

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Scores

CVSS v3 5.3

EPSS 0.0018

EPSS Percentile 39.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-548 CWE-200

Status published

Affected Products (8)

fresenius-kabi/agilia_connect_firmware < d25

fresenius-kabi/agilia_partner_maintenance_software < 3.3.0

fresenius-kabi/vigilant_centerium

fresenius-kabi/vigilant_insight

fresenius-kabi/vigilant_mastermed

fresenius-kabi/link\+_agilia_firmware < 3.0

fresenius-kabi/link\+_agilia_firmware

Timeline

Published Jan 21, 2022

Tracked Since Feb 18, 2026