CVE-2021-43355 - Vulnerability Details

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Fresenius-kabi	Agilia Connect Agilia Connect Firmware Agilia Partner Maintenance Software Link\+ Agilia Link\+ Agilia Firmware Vigilant Centerium Vigilant Insight Vigilant Mastermed

Configuration 1 [-]

OR	cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software::::::::
	cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:::::::*
	cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:::::::*
	cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware::::::::
	cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:-::::::
	cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:d15::::::

cpe:2.3:h:fresenius-kabi:link\+_agilia:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

History

Wed, 16 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-01-21T18:17:44.000Z

Updated: 2025-04-16T16:46:31.988Z

Reserved: 2021-11-30T00:00:00.000Z

Link: CVE-2021-43355

Vulnrichment

Updated: 2024-08-04T03:55:28.496Z

NVD

Status : Modified

Published: 2022-01-21T19:15:09.270

Modified: 2024-11-21T06:29:07.330

Link: CVE-2021-43355

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object