Vulnerability Details : CVE-2021-23173

The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.

Vulnerability category: BypassGain privilege

Published 2022-01-10 14:10:17

Updated 2022-08-30 18:16:26

Source ICS-CERT

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-23173

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-23173

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
2.6	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N	1.2	1.4	ics-cert@hq.dhs.gov
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2021-23173

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: ics-cert@hq.dhs.gov (Secondary)

References for CVE-2021-23173

https://www.cisa.gov/uscert/ics/advisories/icsma-22-006-01

Philips Engage Software | CISA
Third Party Advisory;US Government Resource

Products affected by CVE-2021-23173

Philips » Engage
Versions before (<) 6.2.2
cpe:2.3:a:philips:engage:*:*:*:*:*:*:*:*
Matching versions