CVE-2021-23207

MEDIUM

Fresenius Kabi Vigilant MasterMed <2.0.1.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Scores

CVSS v3 6.5
EPSS 0.0022
EPSS Percentile 12.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-522 CWE-256
Status published
Products (7)
fresenius-kabi/agilia_connect < d25
fresenius-kabi/agilia_partner_maintenance_software < 3.3.0
fresenius-kabi/link\+_agilia_firmware 3.0 (2 CPE variants)
fresenius-kabi/link\+_agilia_firmware < 3.0
fresenius-kabi/vigilant_centerium 1.0
fresenius-kabi/vigilant_insight 1.0
fresenius-kabi/vigilant_mastermed 1.0
Published Jan 21, 2022
Tracked Since Feb 18, 2026