CVE-2020-16212

Опубликовано: 11 сент. 2020

Источник: nvd

CVSS3: 6.8

CVSS2: 4.6

EPSS Низкий

Описание

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Third Party Advisory
US Government Resource
https://www.philips.com/productsecurity
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Third Party Advisory
US Government Resource
https://www.philips.com/productsecurity

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*

cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*

cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00059

Низкий

6.8 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-33r4-hmp8-j73x

CVSS3: 6.8

github

больше 3 лет назад

Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.

EPSS

Процентиль: 18%

0.00059

Низкий

6.8 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-668