Vulnerability Details : CVE-2020-16220
In Patient Information Center iX (PICiX) Versions C.02, C.03,
PerformanceBridge Focal Point Version A.01, the product receives input
that is expected to be well-formed (i.e., to comply with a certain
syntax) but it does not validate or incorrectly validates that the input
complies with the syntax, causing the certificate enrollment service to
crash. It does not impact monitoring but prevents new devices from
enrolling.
Vulnerability category: Input validation
Products affected by CVE-2020-16220
- cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*
- cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*
- cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*
- cpe:2.3:a:philips:performancebridge_focal_point:a.01:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-16220
EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
Percentile: ~25% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-16220
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P | 6.5 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2020-16220
- The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. Assigned by: ics-cert@hq.dhs.gov (Primary)
References for CVE-2020-16220
- https://www.philips.com/productsecurity (Product Security | Philips)
- https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 (Philips Patient Monitoring Devices | CISA; Third Party Advisory; US Government Resource)