11 matches found
CVE-2020-16218
CVE-2020-16218 affects Philips PICiX (Patient Information Center iX) versions B.02, C.02, C.03. Root cause: improper neutralization/incorrect neutralization of user-controlled input when generating web pages, enabling potential cross-site scripting that could lead to unauthorized access to patien...
CVE-2021-43552
Philips PIC iX (Patient Information Center iX) and Efficia CM Series are affected by CVE-2021-43552 (hard-coded cryptographic key). Affected PIC iX versions: B.02, C.02, C.03. Root cause: use of a hard-coded key increases the risk of encrypted data recovery, potentially leading to unauthorized da...
CVE-2020-16214
CVE-2020-16214 affects Philips PIC iX (PICiX) — versions B.02, C.02, C.03 — where user data saved to CSV files can include elements that are not properly neutralized, potentially enabling command interpretation when opened in spreadsheet software.Connected documents confirm the root cause: improp...
CVE-2020-16216
CVE-2020-16216 affects Philips IntelliVue patient monitors (MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90) and IntelliVue X2/X3 prior to N. The issue is improper input validation in multiple components, leading to a denial-of-service via a system restart when processing input data...
CVE-2021-43550
The CVE-2021-43550 entry concerns the use of a broken or risky cryptographic algorithm in Philips PIC iX and Efficia CM Series. Connected sources (ICSMA-21-322-02) specify affected products: PIC iX versions C.02 and C.03 and Efficia CM Series revisions A.01 to C.0x and 4.0. The vulnerability enab...
CVE-2020-16212
CVE-2020-16212 corresponds to Philips PICiX (Patient Information Center iX) with versions B.02, C.02, C.03. The issue exposes a resource to the wrong control sphere, enabling unintended access, and the surveillance-station kiosk mode creates a path for local breakout if an attacker has physical a...
CVE-2020-16222
CVE-2020-16222 relates to Philips PICiX and related components (PICiX B.02/C.02/C.03 and PerformanceBridge Focal Point A.01) where an actor claiming a given identity is not properly proven, enabling improper authentication. Connected sources confirm this as a multi‑vulnerability family in PICiX, ...
CVE-2020-16228
CVE-2020-16228 affects Philips PICiX (PIC iX) Versions C.02/C.03, PerformanceBridge Focal Point A.01, IntelliVue monitors MX100/MX400-MX850 and MP2-MP90, and IntelliVue X3 Versions N and prior. The issue is improper or missing certificate revocation checking, which may cause the device to trust a...
CVE-2020-16220
The CVE-2020-16220 issue affects Philips PICiX (Versions C.02, C.03) and PerformanceBridge Focal Point (Version A.01). It stems from improper validation of input to the certificate enrollment service, where inputs expected to conform to a syntax are not properly validated, causing the certificate...
CVE-2021-43548
CVE-2021-43548 affects Philips Patient Information Center iX (PIC iX) and Efficia CM Series. Affected PIC iX versions: B.02, C.02, C.03; Efficia CM Series: revisions A.01 to C.0x and 4.0. Vulnerability: Improper input validation (CWE-20) in PIC iX C.02/C.03 when processing input data. Impact: una...
CVE-2020-16224
CVE-2020-16224 affects Philips PICiX (Patient Information Center iX) in versions C.02 and C.03. The vulnerability stems from improper handling of a length field in a formatted message or structure, where the length value is inconsistent with the actual data length, causing the surveillance statio...