Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for IntelliBridge EC 40 Hub by Philips

    CVE-2021-33017 (GCVE-0-2021-33017)

    Vulnerability from nvd – Published: 2021-12-27 18:48 – Updated: 2024-09-16 20:16
    VLAI
    Title
    Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel
    Summary
    The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips IntelliBridge EC 40 Hub Affected: unspecified , ≤ C.00.04 (custom)
    Create a notification for this product.
    Philips IntelliBridge EC 80 Hub Affected: unspecified , ≤ C.00.04 (custom)
    Create a notification for this product.
    Date Public
    2021-11-18 00:00
    Credits
    Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.092Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IntelliBridge EC 40 Hub",
              "vendor": "Philips",
              "versions": [
                {
                  "lessThanOrEqual": "C.00.04",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "IntelliBridge EC 80 Hub",
              "vendor": "Philips",
              "versions": [
                {
                  "lessThanOrEqual": "C.00.04",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
            }
          ],
          "datePublic": "2021-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T18:48:21.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-21-322-01",
            "discovery": "UNKNOWN"
          },
          "title": "Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-11-18T15:34:00.000Z",
              "ID": "CVE-2021-33017",
              "STATE": "PUBLIC",
              "TITLE": "Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IntelliBridge EC 40 Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "C.00.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "IntelliBridge EC 80 Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "C.00.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en"
              }
            ],
            "source": {
              "advisory": "ICSMA-21-322-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-33017",
        "datePublished": "2021-12-27T18:48:21.413Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:16:50.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32993 (GCVE-0-2021-32993)

    Vulnerability from nvd – Published: 2021-12-27 18:48 – Updated: 2024-09-17 03:52
    VLAI
    Title
    Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials
    Summary
    IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips IntelliBridge EC 40 Hub Affected: unspecified , ≤ C.00.04 (custom)
    Create a notification for this product.
    Philips IntelliBridge EC 80 Hub Affected: unspecified , ≤ C.00.04 (custom)
    Create a notification for this product.
    Date Public
    2021-11-18 00:00
    Credits
    Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IntelliBridge EC 40 Hub",
              "vendor": "Philips",
              "versions": [
                {
                  "lessThanOrEqual": "C.00.04",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "IntelliBridge EC 80 Hub",
              "vendor": "Philips",
              "versions": [
                {
                  "lessThanOrEqual": "C.00.04",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
            }
          ],
          "datePublic": "2021-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T18:48:20.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-21-322-01",
            "discovery": "UNKNOWN"
          },
          "title": "Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-11-18T15:34:00.000Z",
              "ID": "CVE-2021-32993",
              "STATE": "PUBLIC",
              "TITLE": "Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IntelliBridge EC 40 Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "C.00.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "IntelliBridge EC 80 Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "C.00.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en"
              }
            ],
            "source": {
              "advisory": "ICSMA-21-322-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-32993",
        "datePublished": "2021-12-27T18:48:20.675Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:52:56.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33017 (GCVE-0-2021-33017)

    Vulnerability from cvelistv5 – Published: 2021-12-27 18:48 – Updated: 2024-09-16 20:16
    VLAI
    Title
    Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel
    Summary
    The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips IntelliBridge EC 40 Hub Affected: unspecified , ≤ C.00.04 (custom)
    Create a notification for this product.
    Philips IntelliBridge EC 80 Hub Affected: unspecified , ≤ C.00.04 (custom)
    Create a notification for this product.
    Date Public
    2021-11-18 00:00
    Credits
    Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.092Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IntelliBridge EC 40 Hub",
              "vendor": "Philips",
              "versions": [
                {
                  "lessThanOrEqual": "C.00.04",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "IntelliBridge EC 80 Hub",
              "vendor": "Philips",
              "versions": [
                {
                  "lessThanOrEqual": "C.00.04",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
            }
          ],
          "datePublic": "2021-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T18:48:21.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-21-322-01",
            "discovery": "UNKNOWN"
          },
          "title": "Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-11-18T15:34:00.000Z",
              "ID": "CVE-2021-33017",
              "STATE": "PUBLIC",
              "TITLE": "Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IntelliBridge EC 40 Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "C.00.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "IntelliBridge EC 80 Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "C.00.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en"
              }
            ],
            "source": {
              "advisory": "ICSMA-21-322-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-33017",
        "datePublished": "2021-12-27T18:48:21.413Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:16:50.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32993 (GCVE-0-2021-32993)

    Vulnerability from cvelistv5 – Published: 2021-12-27 18:48 – Updated: 2024-09-17 03:52
    VLAI
    Title
    Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials
    Summary
    IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips IntelliBridge EC 40 Hub Affected: unspecified , ≤ C.00.04 (custom)
    Create a notification for this product.
    Philips IntelliBridge EC 80 Hub Affected: unspecified , ≤ C.00.04 (custom)
    Create a notification for this product.
    Date Public
    2021-11-18 00:00
    Credits
    Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IntelliBridge EC 40 Hub",
              "vendor": "Philips",
              "versions": [
                {
                  "lessThanOrEqual": "C.00.04",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "IntelliBridge EC 80 Hub",
              "vendor": "Philips",
              "versions": [
                {
                  "lessThanOrEqual": "C.00.04",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
            }
          ],
          "datePublic": "2021-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T18:48:20.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-21-322-01",
            "discovery": "UNKNOWN"
          },
          "title": "Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-11-18T15:34:00.000Z",
              "ID": "CVE-2021-32993",
              "STATE": "PUBLIC",
              "TITLE": "Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IntelliBridge EC 40 Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "C.00.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "IntelliBridge EC 80 Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "C.00.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en"
              }
            ],
            "source": {
              "advisory": "ICSMA-21-322-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-32993",
        "datePublished": "2021-12-27T18:48:20.675Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:52:56.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }