CVE-2021-23195

MEDIUM

Fresenius Kabi Vigilant Software Suite - Info Disclosure

Title source: llm

Description

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Scores

CVSS v3 5.3

EPSS 0.0084

EPSS Percentile 53.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200 CWE-548

Status published

Products (7)

fresenius-kabi/agilia_connect_firmware < d25

fresenius-kabi/agilia_partner_maintenance_software < 3.3.0

fresenius-kabi/link\+_agilia_firmware 3.0 (2 CPE variants)

fresenius-kabi/link\+_agilia_firmware < 3.0

fresenius-kabi/vigilant_centerium 1.0

fresenius-kabi/vigilant_insight 1.0

fresenius-kabi/vigilant_mastermed 1.0

Published Jan 21, 2022

Tracked Since Feb 18, 2026