CVE-2019-18241
MEDIUMPhilips IntelliBridge EC40 and EC80 Firmware - Inadequate Encryption Strength in SSH Server
Title source: llmDescription
In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-19-318-01
Scores
CVSS v3
6.5
EPSS
0.0033
EPSS Percentile
24.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-326
Status
published
Products (2)
philips/intellibridge_ec40_firmware
philips/intellibridge_ec80_firmware
Published
Nov 26, 2019
Tracked Since
Feb 18, 2026