Sign-up

ID

VAR-201911-1049


CVE

CVE-2019-18241


TITLE

Philips IntelliBridge EC40 and EC80 Vulnerabilities related to cryptographic strength

Trust: 0.8

sources: JVNDB: JVNDB-2019-013264

DESCRIPTION

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub. Philips IntelliBridge EC40 and EC80 Contains a cryptographic strength vulnerability.Information may be obtained. The Philips IntelliBridge EC40 Hub and IntelliBridge EC80 Hub are both a monitor module from Philips, Europe

Trust: 2.34

sources: NVD: CVE-2019-18241 // JVNDB: JVNDB-2019-013264 // CNVD: CNVD-2020-01009 // IVD: 78ac9539-9025-448b-87ec-728a29e9e6c1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 78ac9539-9025-448b-87ec-728a29e9e6c1 // CNVD: CNVD-2020-01009

AFFECTED PRODUCTS

vendor:philipsmodel:intellibridge ec80scope:eqversion:*

Trust: 1.0

vendor:philipsmodel:intellibridge ec40scope:eqversion:*

Trust: 1.0

vendor:philipsmodel:intellibridge ec40scope: - version: -

Trust: 0.8

vendor:philipsmodel:intellibridge ec80scope: - version: -

Trust: 0.8

vendor:philipsmodel:intellibridge ec40 hubscope: - version: -

Trust: 0.6

vendor:philipsmodel:intellibridge ec80 hubscope: - version: -

Trust: 0.6

vendor:intellibridge ec40model: - scope:eqversion:*

Trust: 0.2

vendor:intellibridge ec80model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 78ac9539-9025-448b-87ec-728a29e9e6c1 // CNVD: CNVD-2020-01009 // JVNDB: JVNDB-2019-013264 // NVD: CVE-2019-18241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18241
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18241
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-01009
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-1006
value: MEDIUM

Trust: 0.6

IVD: 78ac9539-9025-448b-87ec-728a29e9e6c1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-18241
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-01009
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 78ac9539-9025-448b-87ec-728a29e9e6c1
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18241
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-18241
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 78ac9539-9025-448b-87ec-728a29e9e6c1 // CNVD: CNVD-2020-01009 // JVNDB: JVNDB-2019-013264 // CNNVD: CNNVD-201911-1006 // NVD: CVE-2019-18241

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.8

sources: JVNDB: JVNDB-2019-013264 // NVD: CVE-2019-18241

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1006

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-1006

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013264

PATCH
title:Top Pageurl:https://www.usa.philips.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013264

EXTERNAL IDS
db:NVDid:CVE-2019-18241
Trust: 3.2
db:ICS CERTid:ICSMA-19-318-01
Trust: 3.0
db:CNVDid:CNVD-2020-01009
Trust: 0.8
db:CNNVDid:CNNVD-201911-1006
Trust: 0.8
db:JVNDBid:JVNDB-2019-013264
Trust: 0.8
db:AUSCERTid:ESB-2019.4311
Trust: 0.6
db:NSFOCUSid:47533
Trust: 0.6
db:IVDid:78AC9539-9025-448B-87EC-728A29E9E6C1
Trust: 0.2
sources:
            
            
            IVD: 78ac9539-9025-448b-87ec-728a29e9e6c1 // 
            
            
            
            CNVD: CNVD-2020-01009 // 
            
            
            
            JVNDB: JVNDB-2019-013264 // 
            
            
            
            CNNVD: CNNVD-201911-1006 // 
            
            
            
            NVD: CVE-2019-18241

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-19-318-01
Trust: 3.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-18241
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18241
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47533
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4311/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-01009 // 
            
            
            
            JVNDB: JVNDB-2019-013264 // 
            
            
            
            CNNVD: CNNVD-201911-1006 // 
            
            
            
            NVD: CVE-2019-18241

SOURCES
db:IVDid:78ac9539-9025-448b-87ec-728a29e9e6c1
db:CNVDid:CNVD-2020-01009
db:JVNDBid:JVNDB-2019-013264
db:CNNVDid:CNNVD-201911-1006
db:NVDid:CVE-2019-18241

LAST UPDATE DATE
2024-11-23T22:21:24.237000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-01009date:2020-01-08T00:00:00
db:JVNDBid:JVNDB-2019-013264date:2019-12-24T00:00:00
db:CNNVDid:CNNVD-201911-1006date:2020-08-10T00:00:00
db:NVDid:CVE-2019-18241date:2024-11-21T04:32:54.213

SOURCES RELEASE DATE
db:IVDid:78ac9539-9025-448b-87ec-728a29e9e6c1date:2020-01-08T00:00:00
db:CNVDid:CNVD-2020-01009date:2020-01-08T00:00:00
db:JVNDBid:JVNDB-2019-013264date:2019-12-24T00:00:00
db:CNNVDid:CNNVD-201911-1006date:2019-11-14T00:00:00
db:NVDid:CVE-2019-18241date:2019-11-26T00:15:11.717