CVE-2020-12023
https://notcve.org/view.php?id=CVE-2020-12023
Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login-based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plaintext credentials from log files.
• https://www.us-cert.gov/ics/advisories/icsma-20-163-01 • CWE-532: Insertion of Sensitive Information into Log File
CVE-2020-6007
https://notcve.org/view.php?id=CVE-2020-6007
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a heap-based buffer overflow when handling a long ZCL string during the commissioning phase, resulting in remote code execution.
• https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb • https://www2.meethue.com/en-us/support/release-notes/bridge • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVE-2019-18263
https://notcve.org/view.php?id=CVE-2019-18263
An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required.
• https://www.us-cert.gov/ics/advisories/icsma-19-353-01 • CWE-326: Inadequate Encryption Strength
CVE-2019-18241
https://notcve.org/view.php?id=CVE-2019-18241
In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.
• https://www.us-cert.gov/ics/advisories/icsma-19-318-01 • CWE-326: Inadequate Encryption Strength
CVE-2019-18980
https://notcve.org/view.php?id=CVE-2019-18980
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.
• https://blog.dammitly.net/2019/10/cheap-hackable-wifi-light-bulbs-or-iot.html • CWE-306: Missing Authentication for Critical Function • CWE-311: Missing Encryption of Sensitive Data