CVE-2021-31562
Severity CVSS v4.0:
Pending analysis
Type:
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Publication date:
21/01/2022
Last modified:
28/01/2022
Description
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*:*:*:*:*:*:*:* | d25 (including) | |
| cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:* | 3.3.0 (including) | |
| cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fresenius-kabi:agilia_link\+_firmware:*:*:*:*:*:*:*:* | 3.0 (excluding) | |
| cpe:2.3:o:fresenius-kabi:agilia_link\+_firmware:3.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:fresenius-kabi:agilia_link\+_firmware:3.0:d15:*:*:*:*:*:* | ||
| cpe:2.3:h:fresenius-kabi:agilia_link\+:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page