First published: Mon Nov 25 2019(Updated: )
In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Philips Intellibridge Ec40 Firmware | ||
Philips IntelliBridge EC40 | ||
Philips Intellibridge Ec80 Firmware | ||
Philips Intellibridge Ec80 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this security issue is CVE-2019-18241.
This vulnerability affects Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions.
The severity rating of CVE-2019-18241 is medium, with a severity value of 6.5.
This vulnerability could allow an unauthorized attacker with network access to capture and replay SSH traffic on the affected products.
More information about CVE-2019-18241 can be found at the US-CERT advisory: https://www.us-cert.gov/ics/advisories/icsma-19-318-01