Authentication bypass using an alternate path or channel in IntelliBridge EC 40 Hub and IntelliBridge EC 80 Hub - CVE-2021-33017

 


Published: November 19, 2021


Vulnerability identifier: #VU58249
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-33017
CWE-ID: CWE-288
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
IntelliBridge EC 40 Hub
IntelliBridge EC 80 Hub
Software vendor:
Philips

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the affected product has an alternate path or channel that does not require authentication. A remote attacker on the local network can bypass the authentication process and gain unauthorized access to the application.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
