CVE-2020-16218

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, thesoftware does not neutralize or incorrectly neutralizesuser-controllable input before it is placed in output that is then usedas a webpage and served to other users. Successful exploitation couldlead to unauthorized access to pa...

CVE-2020-16214

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, thesoftware saves user-provided information into a comma-separated value(CSV) file, but it does not neutralize or incorrectly neutralizesspecial elements that could be interpreted as a command when the file isopened by spreadsheet ...

CVE-2021-43550

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.

CVE-2020-16216

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750,MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior,the product receives input or data but does not validate or incorrectlyvalidates that the input has the properties required to process the datasafely and correc...

CVE-2021-43552

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

CVE-2020-16212

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local bre...

CVE-2020-16228

In Patient Information Center iX (PICiX) Versions C.02 and C.03,PerformanceBridge Focal Point Version A.01, IntelliVue patient monitorsMX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N andprior, the software does not check or incorrectly checks the revocationstatus of a certificate, wh...

CVE-2020-16222

In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, andPerformanceBridge Focal Point Version A.01, when an actor claims to havea given identity, the software does not prove or insufficiently provesthe claim is correct.

CVE-2021-43548

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

CVE-2020-16220

In Patient Information Center iX (PICiX) Versions C.02, C.03,PerformanceBridge Focal Point Version A.01, the product receives inputthat is expected to be well-formed (i.e., to comply with a certainsyntax) but it does not validate or incorrectly validates that the inputcomplies with the syntax, caus...

CVE-2020-16224

In Patient Information Center iX (PICiX) Versions C.02, C.03, thesoftware parses a formatted message or structure but does not handle orincorrectly handles a length field that is inconsistent with the actuallength of the associated data, causing the application on thesurveillance station to restart...