CVE-2021-33017

Опубликовано: 27 дек. 2021

Источник: nvd

CVSS3: 8.1

CVSS3: 8.8

CVSS2: 5.8

EPSS Низкий

Описание

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:philips:intellibridge_ec40_firmware:*:*:*:*:*:*:*:*

Версия до c.00.04 (включая)

cpe:2.3:h:philips:intellibridge_ec40:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:philips:intellibridge_ec80_firmware:*:*:*:*:*:*:*:*

Версия до c.00.04 (включая)

cpe:2.3:h:philips:intellibridge_ec80:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00062

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-288

Связанные уязвимости

GHSA-mcf9-rwvw-cv27

github

около 4 лет назад

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

EPSS

Процентиль: 19%

0.00062

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-288