CVE-2021-33843 : Security Advisory and Response
Discover the details of CVE-2021-33843 affecting Fresenius Kabi Agilia Connect WiFi infusion systems, the impact, affected versions, exploitation mechanism, and mitigation steps to enhance system security.
Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication, potentially allowing attackers to modify network settings.
Understanding CVE-2021-33843
This CVE discloses a vulnerability in the Agilia Connect WiFi infusion system by Fresenius Kabi, enabling unauthorized access to configuration settings.
What is CVE-2021-33843?
The vulnerability in Agilia SP MC WiFi allows attackers to access its configuration page without authentication, facilitating unauthorized changes to network settings.
The Impact of CVE-2021-33843
With a CVSS base score of 5.3, this medium-severity vulnerability poses a threat to system integrity by enabling unauthorized users to manipulate critical configuration values.
Technical Details of CVE-2021-33843
The vulnerability lies in the default configuration page of Agilia SP MC WiFi infusion systems by Fresenius Kabi, making it accessible without authentication.
Vulnerability Description
Agilia SP MC WiFi vD25 and earlier versions allow unauthenticated access to configuration settings, potentially resulting in unauthorized modifications to network parameters.
Affected Systems and Versions
The affected product is Agilia Connect WiFi by Fresenius Kabi with versions up to D25.
Exploitation Mechanism
Attackers can exploit this vulnerability by accessing the configuration page without the need for authentication, permitting manipulation of network settings.
Mitigation and Prevention
To address CVE-2021-33843, Fresenius Kabi has released updated versions of affected products and provided recommendations to mitigate risks.
Immediate Steps to Take
Users are advised to minimize network exposure for control system devices, place them behind firewalls, and avoid direct Internet access. Secure remote access with VPNs and keep them up to date.
Long-Term Security Practices
Implement regular security updates, enforce strong authentication mechanisms, and monitor the infusion system for any unauthorized access or changes.
Patching and Updates
Fresenius Kabi has developed new versions to fix the vulnerabilities in Agilia Connect WiFi infusion systems. Contact the vendor for information on updating to the latest version, and follow CISA's recommendations until hardware modifications can be implemented.