CVE-2021-33017
Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.
La ruta de acceso estándar de IntelliBridge EC 40 and 60 Hub (versiones C.00.04 y anteriores) requiere autenticación, pero el producto presenta una ruta o canal alternativo que no requiere autenticación
*Credits:
Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-05-13 CVE Reserved
- 2021-12-27 CVE Published
- 2024-08-03 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Philips Search vendor "Philips" | Intellibridge Ec40 Firmware Search vendor "Philips" for product "Intellibridge Ec40 Firmware" | <= c.00.04 Search vendor "Philips" for product "Intellibridge Ec40 Firmware" and version " <= c.00.04" | - |
Affected
| in | Philips Search vendor "Philips" | Intellibridge Ec40 Search vendor "Philips" for product "Intellibridge Ec40" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellibridge Ec80 Firmware Search vendor "Philips" for product "Intellibridge Ec80 Firmware" | <= c.00.04 Search vendor "Philips" for product "Intellibridge Ec80 Firmware" and version " <= c.00.04" | - |
Affected
| in | Philips Search vendor "Philips" | Intellibridge Ec80 Search vendor "Philips" for product "Intellibridge Ec80" | - | - |
Safe
|