Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials
CVE-2021-32993

8.1HIGH

Key Information:

Vendor: Philips
Status: Intellibridge Ec 40 Hub; Intellibridge Ec 80 Hub
Vendor: CVE Published:; 27 December 2021

Summary

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Affected Version(s)

IntelliBridge EC 40 Hub <= unspecified

IntelliBridge EC 80 Hub <= unspecified

References

https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2021
Vulnerability Reserved
May 13, 2021

Credit

Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks