Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-41835
• https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01