CVE-2021-44464

EPSS 0.64%
Veröffentlicht 21.01.2022 19:15:09
Zuletzt bearbeitet 21.11.2024 06:31:01
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Fresenius Kabi Agilia Connect Infusion System hard coded credentials

Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 8 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fresenius-kabi ≫ Agilia Connect Firmware Version <= d25

Fresenius-kabi ≫ Agilia Connect Version-

Fresenius-kabi ≫ Agilia Partner Maintenance Software Version <= 3.3.0

Fresenius-kabi ≫ Vigilant Centerium Version1.0

Fresenius-kabi ≫ Vigilant Insight Version1.0

Fresenius-kabi ≫ Vigilant Mastermed Version1.0

Fresenius-kabi ≫ Link+ Agilia Firmware Version < 3.0

Fresenius-kabi ≫ Link+ Agilia Version-

Fresenius-kabi ≫ Link+ Agilia Firmware Version3.0 Update-

Fresenius-kabi ≫ Link+ Agilia Version-

Fresenius-kabi ≫ Link+ Agilia Firmware Version3.0 Updated15

Fresenius-kabi ≫ Link+ Agilia Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.458

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
ics-cert@hq.dhs.gov	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-44464

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44464

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44464

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-44464