CVE-2020-16220

Опубликовано: 11 сент. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 3.3

EPSS Низкий

Описание

In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Third Party Advisory
US Government Resource
https://www.philips.com/productsecurity
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Third Party Advisory
US Government Resource
https://www.philips.com/productsecurity

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*

cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*

cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*

cpe:2.3:a:philips:performancebridge_focal_point:a.01:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

4.3 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-1286

Связанные уязвимости

GHSA-2rq5-qmgj-689w

CVSS3: 4.3

github

больше 3 лет назад

Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.

EPSS

Процентиль: 10%

0.00035

Низкий

4.3 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-1286