ICSMA-22-006-01 Philips Engage Software
CVE-2021-23173

2.6LOW

Key Information:

Vendor: Philips
Status: Engage Software
Vendor: CVE Published:; 10 January 2022

What is CVE-2021-23173?

The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.

Affected Version(s)

Engage Software NA all < 6.2.1

References

https://www.cisa.gov/uscert/ics/advisories/icsma-22-006-01

x_refsource_MISC

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2022
Vulnerability Reserved
Dec 16, 2021

Credit

Parnassia and S-Unit reported this vulnerability to CISA.