CVE-2021-33848 : Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions in context of an authenticated user.

Published 2022-01-21 19:15:09

Updated 2022-01-28 14:01:06

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2021-33848

Fresenius-kabi » Link+ Agilia Firmware
Versions before (<) 3.0
cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fresenius-kabi » Link+ Agilia » Version: N/A
Fresenius-kabi » Link+ Agilia Firmware » Version: 3.0
cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:-:*:*:*:*:*:*
Matching versions
When used together with: Fresenius-kabi » Link+ Agilia » Version: N/A
Fresenius-kabi » Link+ Agilia Firmware » Version: 3.0 Update D15
cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:d15:*:*:*:*:*:*
Matching versions
When used together with: Fresenius-kabi » Link+ Agilia » Version: N/A
Fresenius-kabi » Agilia Partner Maintenance Software
Versions up to, including, (<=) 3.3.0
cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:*
Matching versions
Fresenius-kabi » Vigilant Centerium » Version: 1.0
cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:*
Matching versions
Fresenius-kabi » Vigilant Insight » Version: 1.0
cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:*
Matching versions
Fresenius-kabi » Vigilant Mastermed » Version: 1.0
cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:*
Matching versions
Fresenius-kabi » Agilia Connect Firmware
Versions up to, including, (<=) d25
cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fresenius-kabi » Agilia Connect » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-33848

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-33848

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	2.8	2.5	ICS-CERT
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2021-33848

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2021-33848

https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Fresenius Kabi Agilia Connect Infusion System | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-33848

Products affected by CVE-2021-33848

Exploit prediction scoring system (EPSS) score for CVE-2021-33848

CVSS scores for CVE-2021-33848

CWE ids for CVE-2021-33848

References for CVE-2021-33848