← back
CVE-2021-33017

Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel

CVSS 8.1 HIGHEPSS 0.5%CWE-288
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected products
Philips · IntelliBridge EC 40 HubPhilips · IntelliBridge EC 80 Hub

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-01