CERT-In Vulnerability Note
CIVN-2021-0378
Multiple vulnerabilities in Fresenius Kabi Agilia Connect Infusion System
Original Issue Date: December 30, 2021
Severity Rating: HIGH
Systems Affected
- Agilia Connect WiFi module of the pumps versions prior to vD25
- Agilia Link+ versions prior to v3.0 D15
- Vigilant Software Suite v1.0: Vigilant Centerium, Vigilant MasterMed and Vigilant Insight
- Agilia Partner maintenance software versions prior to v3.3.0
Overview
Multiple vulnerabilities have been reported in the Fresenius Kabi Agilia Connect Infusion System which could allow a remote attacker to obtain sensitive information, bypass security restrictions or cause a denial-of-service condition on the targeted system.
Description
1. File Inclusion Vulnerability (CVE-2020-35340)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to a flaw in ExpertPDF. A remote attacker could exploit this vulnerability by sending a specially crafted URL. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information or execute arbitrary code on the targeted system.
2. Information Disclosure Vulnerability (CVE-2021-23195)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to a flaw in the Vigilant API. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information on the targeted system.
3. Security Bypass Vulnerability (CVE-2021-23196)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to insufficient protection of credentials. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to gain access to user accounts and access sensitive data on the targeted system.
4. Information Disclosure Vulnerability (CVE-2021-23207)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to plaintext storage of a password. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information on the targeted system.
5. Security Bypass Vulnerability (CVE-2021-23233)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to improper access control. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions on the targeted system.
6. Denial of Service Vulnerability (CVE-2021-23236)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to uncontrolled resource consumption. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the targeted system.
7. Information Disclosure Vulnerability (CVE-2021-31562)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to improper SSL/TLS configuration. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information on the targeted system.
8. Security Bypass Vulnerability (CVE-2021-33843)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to improper authentication in the default configuration page. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions and modify exposed configuration values on the targeted system.
9. Security Bypass Vulnerability (CVE-2021-33846)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to improper use of a cryptographic algorithm. An attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions on the targeted system.
10. Cross-site Scripting Vulnerability (CVE-2021-33848)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to improper validation of user-supplied input by the Vigilant Centerium Dashboard. An attacker could exploit this vulnerability by persuading a victim to open a specially crafted URL using the GET parameter. Successful exploitation of this vulnerability could allow an attacker to obtain the victim's cookie-based authentication credentials on the targeted system.
11. Information Disclosure Vulnerability (CVE-2021-41835)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to a flaw in transport layer encryption. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information on the targeted system.
12. Security Bypass Vulnerability (CVE-2021-43355)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to use of client-side authentication. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions and modify exposed configuration values on the targeted system.
13. Security Bypass Vulnerability (CVE-2021-44464)
This vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System due to hardcoded credentials. Successful exploitation of this vulnerability could allow an attacker to bypass security and gain access to the targeted system.
Solution
Apply the appropriate update to the latest versions:
- Link+ v3.0 (D16 or later)
- VSS v1.0.3 (or later)
- Agilia Connect Pumps Wifi Module (D29 or later)
- Agilia Connect Partner v3.3.2 (or later)
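An added example, not part of the CERT-In note or any vendor tooling: a small inventory check against the fixed versions listed above. The product labels, the asset names and the accepted version-string shapes are assumptions made for illustration; the thresholds are the Solution values, which are higher than the "prior to" bounds under Systems Affected.

```python
import re

# Minimum fixed versions from the Solution list of this note, as
# (dotted release, "D" build). Product keys are hypothetical inventory labels.
FIXED = {
    "Link+": ((3, 0), 16),
    "VSS": ((1, 0, 3), None),
    "WiFi Module": ((), 29),
    "Partner": ((3, 3, 2), None),
}

# Assumed string shapes, modelled on the note: "v3.0 D15", "vD25", "D29", "1.0.3".
_VERSION = re.compile(r"v?(\d+(?:\.\d+)*)?\s*(?:D(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Split a version string into (dotted tuple, D build or None)."""
    m = _VERSION.fullmatch(text.strip())
    if not m or not (m.group(1) or m.group(2)):
        raise ValueError(f"unrecognised version string: {text!r}")
    dotted = tuple(int(p) for p in m.group(1).split(".")) if m.group(1) else ()
    build = int(m.group(2)) if m.group(2) else None
    return dotted, build

def needs_update(product, version):
    """True when `version` is below the fixed release listed for `product`."""
    fixed_dotted, fixed_build = FIXED[product]
    dotted, build = parse_version(version)
    if fixed_dotted:
        # Pad so that "1.0" compares as 1.0.0 against 1.0.3.
        width = max(len(dotted), len(fixed_dotted))
        have = dotted + (0,) * (width - len(dotted))
        want = fixed_dotted + (0,) * (width - len(fixed_dotted))
        if have != want:
            return have < want
    if fixed_build is None:
        return False
    # A missing build number cannot be shown to be patched: flag it.
    return build is None or build < fixed_build

# Constructed sample inventory (asset names and versions are made up).
INVENTORY = [
    ("pump-icu-01", "WiFi Module", "vD25"),
    ("pump-icu-02", "WiFi Module", "D29"),
    ("rack-03", "Link+", "v3.0 D15"),
    ("rack-04", "Link+", "v3.0 D16"),
    ("vss-srv", "VSS", "1.0"),
    ("laptop-7", "Partner", "v3.3.2"),
]

def outdated_assets(inventory=INVENTORY):
    return [a for a, product, version in inventory if needs_update(product, version)]
```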
Vendor Information
Fresenius Kabi
https://www.fresenius-kabi.com/en-ca/products/agilia-connect-infusion-system
References
US-CERT
https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01
CVE Name
CVE-2020-35340
CVE-2021-23195
CVE-2021-23196
CVE-2021-23207
CVE-2021-23233
CVE-2021-23236
CVE-2021-31562
CVE-2021-33843
CVE-2021-33846
CVE-2021-33848
CVE-2021-41835
CVE-2021-43355
CVE-2021-44464
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India