"FDA, CISA Warn of Fresenius Kabi Infusion Pump Flaws"

The Food and Drug Administration (FDA) recently released an alert about the Cybersecurity and Infrastructure Security Agency's (CISA) warning of a dozen vulnerabilities identified in specific components of Germany-based medical device manufacturer Fresenius Kabi's Agilia Connect Infusion System. According to CISA's advisory, an attacker who successfully exploited these vulnerabilities could gain access to sensitive information, modify settings, or carry out actions as an unauthorized user. The affected product components of the Agilia Connect Infusion System are used globally. These products were found to contain vulnerabilities such as inadequately protected credentials, improper access control, uncontrolled resource consumption, plaintext storage of passwords, cross-site scripting, the use of a broken cryptographic algorithm, the use of unmaintained third-party components, and more. CISA says the vulnerabilities are collectively assigned a CVSS v3 base score of 7.5. Fresenius Kabi released a statement saying that these flaws have been resolved through software upgrades. However, the company also identified approximately 1,200 Link+ infusion pump devices that would need hardware changes. Until replacements are made in customers' installations, the company urges users to follow CISA's recommendations for temporary alternatives. This article continues to discuss the discovery, potential impact, and mitigation of Fresenius Kabi infusion pump security flaws.

Healthcare Info Security reports "FDA, CISA Warn of Fresenius Kabi Infusion Pump Flaws"

Submitted by Anonymous on