Lucene search

[email protected]CVE-2020-16220

HistorySep 11, 2020 - 2:15 p.m.

CVE-2020-16220

2020-09-1114:15:11

CWE-1286

[email protected]

web.nvd.nist.gov

cve-2020-16220

patient information center ix

picix

intellivue

input validation

crash

certificate enrollment

security issue

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.3%

JSON

In Patient Information Center iX (PICiX) Versions C.02, C.03,
PerformanceBridge Focal Point Version A.01, the product receives input
that is expected to be well-formed (i.e., to comply with a certain
syntax) but it does not validate or incorrectly validates that the input
complies with the syntax, causing the certificate enrollment service to
crash. It does not impact monitoring but prevents new devices from
enrolling.

Affected configurations

NVD

Node

philipspatient_information_center_ixMatchb.02

philipspatient_information_center_ixMatchc.02

philipspatient_information_center_ixMatchc.03

philipsperformancebridge_focal_pointMatcha.01

CPENameOperatorVersion
philips:patient_information_center_ixphilips patient information center ixeqb.02
philips:patient_information_center_ixphilips patient information center ixeqc.02
philips:patient_information_center_ixphilips patient information center ixeqc.03
philips:performancebridge_focal_pointphilips performancebridge focal pointeqa.01

CPE	Name	Operator	Version
philips:patient_information_center_ix	philips patient information center ix	eq	b.02
philips:patient_information_center_ix	philips patient information center ix	eq	c.02
philips:patient_information_center_ix	philips patient information center ix	eq	c.03
philips:performancebridge_focal_point	philips performancebridge focal point	eq	a.01

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Patient Information Center iX (PICiX)",
    "vendor": "Philips ",
    "versions": [
      {
        "status": "affected",
        "version": "C.02"
      },
      {
        "status": "affected",
        "version": "C.03"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PerformanceBridge Focal Point",
    "vendor": "Philips ",
    "versions": [
      {
        "status": "affected",
        "version": "A.01"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsma-20-254-01

www.philips.com/productsecurity

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for CVE-2020-16220

cvelist1 prion1 nvd1 ics1