SB2021111902 - Multiple vulnerabilities in Philips IntelliBridge EC 40 and EC 80 Hub

Security Bulletin ID SB2021111902

Severity

Medium

Patch available

NO

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use of hard-coded credentials (CVE-ID: CVE-2021-32993)

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker on the local network can access the affected system using the hard-coded credentials.

2) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2021-33017)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected product has an alternate path or channel that does not require authentication. A remote attacker on the local network can bypass authentication process and gain unauthorized access to the application.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/icsma-21-322-01