CVE-2021-23207

MEDIUM

Fresenius Kabi Vigilant MasterMed <2.0.1.3 - Info Disclosure

Title source: llm

Description

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 16.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522 CWE-256

Status published

Products (7)

fresenius-kabi/agilia_connect < d25

fresenius-kabi/agilia_partner_maintenance_software < 3.3.0

fresenius-kabi/link\+_agilia_firmware 3.0 (2 CPE variants)

fresenius-kabi/link\+_agilia_firmware < 3.0

fresenius-kabi/vigilant_centerium 1.0

fresenius-kabi/vigilant_insight 1.0

fresenius-kabi/vigilant_mastermed 1.0

Published Jan 21, 2022

Tracked Since Feb 18, 2026