CVE-2020-16228

Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.

CVSS v3.0 6.4 MEDIUM
CVSS v2.0 5.2 MEDIUM

6.4^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

5.2^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:philips:patient_information_center_ix:b.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::*
	cpe:2.3:a:philips:performancebridge_focal_point:a.01:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*

Information

Published : 2020-09-11 06:15

Updated : 2020-09-15 11:28

NVD link : CVE-2020-16228

Mitre link : CVE-2020-16228

JSON object : View

CWE

CWE-299

Improper Check for Certificate Revocation

Products Affected

philips

intellivue_mx550
intellivue_mx100
intellivue_mx550_firmware
intellivue_mx800
intellivue_mx700_firmware
intellivue_x2_firmware
intellivue_x3_firmware
intellivue_x3
intellivue_mx600_firmware
intellivue_mx600
intellivue_mx400_firmware
intellivue_mp2-mp90_firmware
patient_information_center_ix
intellivue_x2
intellivue_mp2-mp90
intellivue_mx850_firmware
intellivue_mx750_firmware
performancebridge_focal_point
intellivue_mx100_firmware
intellivue_mx800_firmware
intellivue_mx700
intellivue_mx850
intellivue_mx750
intellivue_mx400

6.4 /10