CVE-2020-16216

Опубликовано: 11 сент. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 6.1

EPSS Низкий

Описание

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Third Party Advisory
US Government Resource
https://www.philips.com/productsecurity
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Third Party Advisory
US Government Resource
https://www.philips.com/productsecurity

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*

cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*

cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*

cpe:2.3:a:philips:performancebridge_focal_point:a.01:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00063

Низкий

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-r3cv-8v59-5mh6

CVSS3: 6.5

github

больше 3 лет назад

Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.

EPSS

Процентиль: 20%

0.00063

Низкий

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-20