SB2022010407 - Multiple vulnerabilities in Fresenius Kabi Agilia Connect Infusion System
Published: January 4, 2022
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2021-23236)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-31562)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm. A remote attacker can eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information.
3) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-41835)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected software does not enforce transport layer encryption. A remote attacker can gain access to sensitive information.
4) Insufficiently protected credentials (CVE-ID: CVE-2021-23196)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected software implements authentication and session management mechanisms exclusively on the client side and does not protect authentication attributes sufficiently. A remote attacker can read sensitive information.
5) Improper access control (CVE-ID: CVE-2021-23233)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can send requests to sensitive endpoints to perform critical actions or modify critical configuration parameters.
6) Unprotected storage of credentials (CVE-ID: CVE-2021-23207)
The vulnerability allows a local user to gain access to other users' credentials.
The vulnerability exists because the application stores credentials in plain text in a configuration file on the system. A local user can extract the secrets from the registry, create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed application and impersonate arbitrary users.
7) Insufficiently protected credentials (CVE-ID: CVE-2021-33843)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the default configuration page is accessible without authentication. A remote attacker can use this page to change the exposed configuration values, such as network settings.
8) Information disclosure (CVE-ID: CVE-2021-23195)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the Vigilant API has automated indexing (directory listing) enabled. A remote attacker can gain unauthorized access to sensitive information on the system.
9) Cross-site scripting (CVE-ID: CVE-2021-33848)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed in a GET parameter of the Vigilant Centerium Dashboard. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
10) Use of hard-coded credentials (CVE-ID: CVE-2021-44464)
The vulnerability allows a remote attacker to gain full access to the vulnerable system.
The vulnerability exists due to the presence of hard-coded credentials in the application code of the Vigilant MasterMed application. A remote authenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-33846)
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists because the Vigilant MasterMed application issues authentication tokens to authenticated users that are signed with a symmetric encryption key. Because the same key both signs and verifies tokens, a remote administrator can issue valid JWTs and impersonate arbitrary users.
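Items 6 and 11 both come down to one property of symmetric (HMAC) JWT signing: every party that holds the verification secret can also mint tokens, so a leaked secret or a privileged user with access to it yields tokens the server cannot tell apart from its own. The following added example (not code from the bulletin or from Fresenius Kabi; the secret, claims and timestamp are constructed placeholders) implements a minimal HS256 issuer and a strict verifier using only the Python standard library, and shows why the verifier cannot distinguish tokens minted by the issuer from tokens minted by any other holder of the secret. The verifier also pins the algorithm and checks expiry, two checks a hardened deployment needs regardless of key type.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder secret for the example; a real deployment would load
# its key from a protected store, never from a plain-text config file (item 6).
SECRET = b"constructed-example-secret-not-a-real-key"


class TokenError(Exception):
    """Raised for any token that must not be accepted."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT drops base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a JWT whose signature is HMAC-SHA256 over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, secret: bytes, now: int) -> dict:
    """Return the claims of a valid token, or raise TokenError.

    Hardening applied here: the algorithm is pinned to HS256 (so 'none' or
    any other alg in the header is rejected), the comparison is constant-time,
    and a missing or past 'exp' claim is treated as invalid.
    """
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, json.JSONDecodeError) as exc:
        raise TokenError("malformed token") from exc
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg in header")
    expected = hmac.new(
        secret, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, sig):
        raise TokenError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if "exp" not in claims or now >= int(claims["exp"]):
        raise TokenError("token expired or has no exp claim")
    return claims


def verifier_cannot_distinguish_issuer(secret: bytes, now: int) -> bool:
    """Demonstrate the weakness in item 11.

    A token built by *any* holder of the shared secret (here, for a made-up
    subject) passes the very same verification as a token from the issuer.
    Only an asymmetric scheme, where verifiers hold just the public key,
    removes this property.
    """
    other = sign_hs256({"sub": "someone-else", "exp": now + 60}, secret)
    return verify_hs256(other, secret, now)["sub"] == "someone-else"


if __name__ == "__main__":
    NOW = 1_700_000_000  # constructed fixed clock for reproducibility
    token = sign_hs256({"sub": "alice", "exp": NOW + 60}, SECRET)
    print("valid claims:", verify_hs256(token, SECRET, NOW))
    print("any secret holder can mint:", verifier_cannot_distinguish_issuer(SECRET, NOW))
```

The remediation the example points at is the one implied by item 11: sign tokens with an asymmetric algorithm (for example RS256 or ES256, available in standard JWT libraries) so that services which only need to verify tokens never hold the signing key, and keep the signing key out of configuration files readable by local users.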
12) Use of Client-Side Authentication (CVE-ID: CVE-2021-43355)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the Vigilant MasterMed application validates user input on the client side only, without authentication by the server. A remote attacker can circumvent the client-side control and log in with service privileges.
13) Files or Directories Accessible to External Parties (CVE-ID: CVE-2020-35340)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a local file inclusion flaw. A remote attacker can read the contents of any file that the running ExpertPDF process has permission to read.
Remediation
Install the update from the vendor's website.