ID

VAR-202201-1547


CVE

CVE-2021-23173


TITLE

Inappropriate access control vulnerability in Philips Engage Software

Trust: 0.8

sources: JVNDB: JVNDB-2022-001003

DESCRIPTION

The affected product is vulnerable to improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. Philips Engage Software is a customer support software platform.

Trust: 1.8

sources: NVD: CVE-2021-23173 // JVNDB: JVNDB-2022-001003 // VULHUB: VHN-408676 // VULMON: CVE-2021-23173

AFFECTED PRODUCTS

vendor: philips, model: engage, scope: lt, version: 6.2.2

Trust: 1.0

vendor: フィリップス, model: engage software, scope: eq, version: -

Trust: 0.8

vendor: フィリップス, model: engage software, scope: lte, version: versions 6.2.1 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2022-001003 // NVD: CVE-2021-23173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23173
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-23173
value: LOW

Trust: 1.0

OTHER: JVNDB-2022-001003
value: LOW

Trust: 0.8

CNNVD: CNNVD-202201-459
value: MEDIUM

Trust: 0.6

VULHUB: VHN-408676
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-23173
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23173
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-408676
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-23173
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-23173
baseSeverity: LOW
baseScore: 2.6
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-001003
baseSeverity: LOW
baseScore: 2.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-408676 // VULMON: CVE-2021-23173 // JVNDB: JVNDB-2022-001003 // CNNVD: CNNVD-202201-459 // NVD: CVE-2021-23173 // NVD: CVE-2021-23173

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

sources: NVD: CVE-2021-23173

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-459

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-459

PATCH

title: product-security, url: https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

title: Philips Engage Software Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178029

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2021-23173

Trust: 0.1

sources: VULMON: CVE-2021-23173 // JVNDB: JVNDB-2022-001003 // CNNVD: CNNVD-202201-459

EXTERNAL IDS

db: ICS CERT, id: ICSMA-22-006-01

Trust: 2.6

db: NVD, id: CVE-2021-23173

Trust: 2.6

db: JVN, id: JVNVU91224097

Trust: 0.8

db: JVNDB, id: JVNDB-2022-001003

Trust: 0.8

db: CNNVD, id: CNNVD-202201-459

Trust: 0.7

db: CS-HELP, id: SB2022010703

Trust: 0.6

db: AUSCERT, id: ESB-2022.0085

Trust: 0.6

db: VULHUB, id: VHN-408676

Trust: 0.1

db: VULMON, id: CVE-2021-23173

Trust: 0.1

sources: VULHUB: VHN-408676 // VULMON: CVE-2021-23173 // JVNDB: JVNDB-2022-001003 // CNNVD: CNNVD-202201-459 // NVD: CVE-2021-23173

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsma-22-006-01

Trust: 2.7

url:http://jvn.jp/cert/jvnvu91224097/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.0085

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsma-22-006-01

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010703

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-23173

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-23173

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-408676 // VULMON: CVE-2021-23173 // JVNDB: JVNDB-2022-001003 // CNNVD: CNNVD-202201-459 // NVD: CVE-2021-23173

CREDITS

Parnassia and S-Unit reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202201-459

SOURCES

db: VULHUB, id: VHN-408676
db: VULMON, id: CVE-2021-23173
db: JVNDB, id: JVNDB-2022-001003
db: CNNVD, id: CNNVD-202201-459
db: NVD, id: CVE-2021-23173

LAST UPDATE DATE

2024-08-14T14:24:59.893000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-408676, date: 2022-08-30T00:00:00
db: VULMON, id: CVE-2021-23173, date: 2022-08-30T00:00:00
db: JVNDB, id: JVNDB-2022-001003, date: 2022-01-11T05:41:00
db: CNNVD, id: CNNVD-202201-459, date: 2022-08-31T00:00:00
db: NVD, id: CVE-2021-23173, date: 2022-08-30T18:16:26.143

SOURCES RELEASE DATE

db: VULHUB, id: VHN-408676, date: 2022-01-10T00:00:00
db: VULMON, id: CVE-2021-23173, date: 2022-01-10T00:00:00
db: JVNDB, id: JVNDB-2022-001003, date: 2022-01-11T00:00:00
db: CNNVD, id: CNNVD-202201-459, date: 2022-01-06T00:00:00
db: NVD, id: CVE-2021-23173, date: 2022-01-10T14:10:16.847