CVE-2021-23207

MEDIUM

Fresenius Kabi Vigilant MasterMed <2.0.1.3 - Info Disclosure

Title source: llm

Description

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 16.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-256

Status published

Affected Products (8)

fresenius-kabi/agilia_connect < d25

fresenius-kabi/agilia_partner_maintenance_software < 3.3.0

fresenius-kabi/vigilant_centerium

fresenius-kabi/vigilant_insight

fresenius-kabi/vigilant_mastermed

fresenius-kabi/link\+_agilia_firmware < 3.0

fresenius-kabi/link\+_agilia_firmware

Timeline

Published Jan 21, 2022

Tracked Since Feb 18, 2026