CVE-2021-43552 Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX PIC iX Versions B.02, C.02, and C.03...

CVE-2020-16212

In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local...

CVE-2020-16218

In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...

CVE-2020-16224 Philips Patient Monitoring Devices Improper Handling of Length Parameter Inconsistency

In Patient Information Center iX PICiX Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to...