20 matches found
CVE-2020-16220
In Patient Information Center iX PICiX Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax,...
CVE-2020-16212
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local...
CVE-2020-16224
In Patient Information Center iX PICiX Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to...
CVE-2020-16224
In Patient Information Center iX PICiX Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to...
Code injection
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local...
Input validation
In Patient Information Center iX PICiX Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax,...
CVE-2020-16222
In Patient Information Center iX PICiX Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct...
CVE-2020-16214
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadshee...
CVE-2020-16218
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...
Command injection
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadshee...
Design/Logic Flaw
In Patient Information Center iX PICiX Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...
Design/Logic Flaw
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...
CVE-2020-16212 Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local...
CVE-2020-16220
The CVE-2020-16220 issue affects Philips PICiX (Versions C.02, C.03) and PerformanceBridge Focal Point (Version A.01). It stems from improper validation of input to the certificate enrollment service, where inputs expected to conform to a syntax are not properly validated, causing the certificate...
CVE-2020-16216
CVE-2020-16216 affects Philips IntelliVue patient monitors (MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90) and IntelliVue X2/X3 prior to N. The issue is improper input validation in multiple components, leading to a denial-of-service via a system restart when processing input data...
CVE-2020-16224
CVE-2020-16224 affects Philips PICiX (Patient Information Center iX) in versions C.02 and C.03. The vulnerability stems from improper handling of a length field in a formatted message or structure, where the length value is inconsistent with the actual data length, causing the surveillance statio...
CVE-2020-16224 Philips Patient Monitoring Devices Improper Handling of Length Parameter Inconsistency
In Patient Information Center iX PICiX Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to...
CVE-2020-16228
CVE-2020-16228 affects Philips PICiX (PIC iX) Versions C.02/C.03, PerformanceBridge Focal Point A.01, IntelliVue monitors MX100/MX400-MX850 and MP2-MP90, and IntelliVue X3 Versions N and prior. The issue is improper or missing certificate revocation checking, which may cause the device to trust a...
CVE-2020-16214
CVE-2020-16214 affects Philips PIC iX (PICiX), versions B.02, C.02, C.03, where user data saved to CSV files can include elements that are not properly neutralized, potentially enabling command interpretation when opened in spreadsheet software. Connected documents confirm the root cause: improp...
Philips Patient Monitoring Devices (Update C)
1. EXECUTIVE SUMMARY. CVSS v3 6.8. ATTENTION: Low attack complexity. Vendor: Philips. Equipment: Patient Information Center iX PICiX; PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90; and IntelliVue X2, and X3. Vulnerabilities: Improper...