Patient Information Center Ix Security Vulnerabilities
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local bre...
6.8CVSS
6.3AI Score
0.001EPSS
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, thesoftware saves user-provided information into a comma-separated value(CSV) file, but it does not neutralize or incorrectly neutralizesspecial elements that could be interpreted as a command when the file isopened by spreadsheet ...
5CVSS
5.1AI Score
0.001EPSS
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750,MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior,the product receives input or data but does not validate or incorrectlyvalidates that the input has the properties required to process the datasafely and correc...
6.5CVSS
6.4AI Score
0.001EPSS
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, thesoftware does not neutralize or incorrectly neutralizesuser-controllable input before it is placed in output that is then usedas a webpage and served to other users. Successful exploitation couldlead to unauthorized access to pa...
3.5CVSS
3.9AI Score
0.0004EPSS
In Patient Information Center iX (PICiX) Versions C.02, C.03,PerformanceBridge Focal Point Version A.01, the product receives inputthat is expected to be well-formed (i.e., to comply with a certainsyntax) but it does not validate or incorrectly validates that the inputcomplies with the syntax, caus...
4.3CVSS
4.7AI Score
0.001EPSS
In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, andPerformanceBridge Focal Point Version A.01, when an actor claims to havea given identity, the software does not prove or insufficiently provesthe claim is correct.
8.8CVSS
8.5AI Score
0.001EPSS
In Patient Information Center iX (PICiX) Versions C.02, C.03, thesoftware parses a formatted message or structure but does not handle orincorrectly handles a length field that is inconsistent with the actuallength of the associated data, causing the application on thesurveillance station to restart...
6.5CVSS
6.4AI Score
0.001EPSS
In Patient Information Center iX (PICiX) Versions C.02 and C.03,PerformanceBridge Focal Point Version A.01, IntelliVue patient monitorsMX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N andprior, the software does not check or incorrectly checks the revocationstatus of a certificate, wh...
6.4CVSS
6.3AI Score
0.0004EPSS
Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
6.5CVSS
6.4AI Score
0.0005EPSS
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.
6.5CVSS
6.4AI Score
0.001EPSS
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.
6.1CVSS
5.5AI Score
0.0004EPSS