Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel
CVE-2021-33017

8.1HIGH

Key Information:

Vendor
Philips
Status
Intellibridge Ec 40 Hub
Intellibridge Ec 80 Hub
Vendor
CVE Published:
27 December 2021

Summary

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Version(s)

IntelliBridge EC 40 Hub <= unspecified

IntelliBridge EC 80 Hub <= unspecified

References

https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks
.
CVE-2021-33017 : Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel | SecurityVulnerability.io