
CISA alerts to 13 vulnerabilities in Fresenius Kabi Agilia infusion systems

CISA issued an alert for Fresenius Kabi Agilia Connect Infusion Systems. Pictured: A cropped image of IV drips. ("Not a coat rack" by kbrookes is licensed under CC BY-NC-ND 2.0)

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency released an alert for multiple high-risk vulnerabilities in Fresenius Kabi Agilia Connect Infusion Systems, as the flaws pose a serious risk of unauthorized access and other nefarious activities.

A total of 13 high-risk flaws were responsibly disclosed by security researchers to the German Federal Office for Information Security. The vulnerabilities exist in several Agilia Connect Infusion System components, including the WiFi module of the infusion pumps, software suite, and the maintenance software.

The flaws range from 5.3 to 7.5 in severity score and are remotely exploitable, with low attack complexity. CISA warns that a successful exploit could enable an attacker to gain access to sensitive data, modify system settings or parameters, or perform arbitrary actions.

One of the most severe flaws is tied to uncontrolled resource consumption, where an attacker could interrupt the normal operation of the medical device with requests. Recovering from a successful exploit of the Agilia Link+ flaw would require a reboot through a hard reset, “triggered by pressing a button on the rack system.”

The second-most critical vulnerability is caused by the devices’ use of unmaintained third-party components. The affected system uses the ExpertPdf library and lighttpd web server, which are out-of-date and hold publicly known vulnerabilities.

CISA reminded entities that “outdated software may contain vulnerabilities not publicly known but may be reverse-engineered by an attacker.”

The Agilia Link+ holds other serious flaws, including the use of a risky cryptographic algorithm. The management interface doesn’t enforce transport layer encryption, which means transmitted data can be sent in cleartext.

“Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service,” according to the alert.
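The redirect gap the alert describes is easy to audit from the defender's side. The following is an added example, not code from CISA, Fresenius Kabi, or the alert: it parses a raw HTTP response returned by a device's port 80 service and reports whether it is a proper redirect to an https URL on the same host. The hostname `pump-rack.example` and the sample responses are constructed for illustration.

```python
"""Audit helper: does a device's plain-HTTP management service redirect to
HTTPS? Added example, not code from CISA or Fresenius Kabi; the host name
and the sample responses below are constructed."""
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 307, 308}


def parse_response(raw: bytes) -> tuple:
    """Parse the status line and headers of a raw HTTP/1.x response."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status_str, *_ = lines[0].split(" ", 2)
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(status_str), headers


def evaluate(status: int, headers: dict, expected_host: str) -> bool:
    """True only for a redirect whose Location is an https URL on the expected
    host. A 200 on port 80 means the interface is served in cleartext; a
    redirect to some other host does not count as protecting this one."""
    if status not in REDIRECT_CODES:
        return False
    target = urlsplit(headers.get("location", ""))
    return target.scheme == "https" and target.hostname == expected_host


def redirects_to_https(raw: bytes, expected_host: str) -> bool:
    """Offline verdict on a captured raw response."""
    status, headers = parse_response(raw)
    return evaluate(status, headers, expected_host)


def live_check(host: str, timeout: float = 5.0) -> bool:
    """Same verdict against a live host you are authorised to audit
    (not exercised by the offline samples below)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return evaluate(resp.status, headers, host)
    finally:
        conn.close()


# Constructed sample responses (not captured from any real device).
PLAIN_200 = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: lighttpd\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n\r\n"
)
REDIRECT_301 = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://pump-rack.example/login\r\n"
    b"Content-Length: 0\r\n\r\n"
)
OFFHOST_302 = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://other.example/\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for name, raw in (("PLAIN_200", PLAIN_200),
                      ("REDIRECT_301", REDIRECT_301),
                      ("OFFHOST_302", OFFHOST_302)):
        print(name, redirects_to_https(raw, "pump-rack.example"))
```

A device that answers 200 on port 80, as the first sample does, is exactly the condition the alert flags; the fix on the device side is an unconditional redirect (or disabling the cleartext listener), and the check above is what you would rerun after applying the vendor's update to confirm it.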

“Sensitive endpoints can be accessed without any authentication information such as the session cookie,” the alert continued. “An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions on Agilia Link+ or modify critical configuration parameters.”

Meanwhile, the web application “implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.”

The final high-severity vulnerability is found in the Vigilant MasterMed application, which validates user input on the client side without validation by the server. The server shouldn’t assume the data is correct, as “users might not support or block JavaScript or intentionally bypass the client-side checks.”

If a hacker has knowledge of the service and its flaws, they could bypass the client-side control to log into the device with service privileges.
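Both of the preceding weaknesses, client-side-only authentication and client-side-only input validation, come down to the server trusting what the browser sends. The following added example (not Fresenius Kabi code; the endpoint, the `flow_rate` parameter, its limits and the `service` role are hypothetical) shows the weak handler beside a hardened one that takes the caller's role from a server-side session keyed by the session cookie and re-validates the value on the server.

```python
"""Server-side enforcement for a device configuration endpoint.
Added example, not Fresenius Kabi code; endpoint, parameter names, roles
and limits are hypothetical."""
import secrets
from typing import Optional

# Server-side session store: token -> role. Roles come from here, never
# from a field the client supplies.
SESSIONS = {}
FLOW_RATE_ML_H = (0.1, 1200.0)  # hypothetical allowed range


def login(username: str, password: str, credentials: dict) -> Optional[str]:
    """Return a fresh session token on success; `credentials` maps
    username -> (password, role). Returns None on failure."""
    entry = credentials.get(username)
    if entry is None or not secrets.compare_digest(entry[0], password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = entry[1]
    return token


def set_flow_rate_vulnerable(request: dict) -> tuple:
    """The weak pattern: the role is read from the request body, and the
    value is used as-is because 'the browser already validated it'."""
    if request.get("role") != "service":
        return 403, "forbidden"
    return 200, f"flow rate set to {request.get('flow_rate')}"


def set_flow_rate_hardened(request: dict) -> tuple:
    """Authenticate via the session cookie, authorize from the server-side
    session, and validate the input again regardless of client-side checks."""
    role = SESSIONS.get(request.get("cookie", ""))
    if role is None:
        return 401, "authentication required"
    if role != "service":
        return 403, "forbidden"
    try:
        rate = float(request["flow_rate"])
    except (KeyError, TypeError, ValueError):
        return 400, "flow_rate missing or not numeric"
    lo, hi = FLOW_RATE_ML_H
    # NaN and infinities fail this range check too.
    if not (lo <= rate <= hi):
        return 400, f"flow_rate outside {lo}-{hi}"
    return 200, f"flow rate set to {rate}"


if __name__ == "__main__":
    creds = {"tech": ("correct horse battery", "service")}  # constructed
    tok = login("tech", "correct horse battery", creds)
    forged = {"role": "service", "flow_rate": "99999"}
    print("vulnerable:", set_flow_rate_vulnerable(forged))
    print("hardened, no cookie:", set_flow_rate_hardened(forged))
    print("hardened, valid:", set_flow_rate_hardened({"cookie": tok, "flow_rate": "50"}))
    print("hardened, out of range:", set_flow_rate_hardened({"cookie": tok, "flow_rate": "99999"}))
```

The contrast is the point: the weak handler accepts any request that simply claims the `service` role and any value at all, while the hardened one cannot be satisfied by editing the form or disabling JavaScript, because nothing it trusts originates on the client.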

The remaining flaws are caused by insufficiently protected credentials, plaintext password storage, exposed external access to files or directories, exposed data via directory listing, cross-site scripting, injection, and the use of hard-coded credentials, among others.

Fresenius Kabi issued new software versions to address some of these risks, and CISA urges healthcare entities to update the software to the latest versions. About 1,200 early Link+ devices will need a hardware change to support D16 or later firmware, and until the devices can be replaced, organizations will need to implement defensive measures to reduce the risk of exploit.

CISA recommendations include ensuring the impacted devices aren’t accessible from the internet, locating the affected systems and isolating them from the enterprise network, and using secure access methods when remote access is required.

For the moment, there are no known public exploits that target these flaws.
