CVE-2021-33843

Description

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings.

PUBLISHED Reserved 2021-11-30 | Published 2022-01-21 | Updated 2025-04-16 | Assigner icscert

Problem types

CWE-552 Files or Directories Accessible to External Parties

Product status

Credits

Julian Suleder (ERNW Research GmbH), Nils Emmerich (ERNW Research GmbH), Raphael Pavlidis (ERNW Research GmbH), and Dr. Oliver Matula (ERNW Enno Rey Netzwerke GmbH) reported these vulnerabilities to the German Federal Office for Information Security (BSI) in the context of the BSI project ManiMed (Medical Device Manipulation Project).

References

www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

cve.org (CVE-2021-33843)

nvd.nist.gov (CVE-2021-33843)

Download JSON