Search criteria
9 vulnerabilities found for SureSigns VS4 by Philips
VAR-202008-0371
Vulnerability from variot - Updated: 2023-12-18 11:58Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. SureSings VS4 Is Philips It is a device provided by the company that monitors the vital signs of patients. SureSings VS4 The following multiple vulnerabilities exist in. ‥ * Improper input confirmation (CWE-20) - CVE-2020-16237 ‥ * Inappropriate access control (CWE-284) - CVE-2020-16241 ‥ * Inappropriate authentication (CWE-287) - CVE-2020-16239Third parties may have access to administrator operations and system settings, which could result in device settings being modified and patient data sent out. SureSings VS4 Is Philips It is a device provided by the company that monitors the vital signs of patients. SureSings VS4 The following multiple vulnerabilities exist in. ‥ * Improper input confirmation (CWE-20) - CVE-2020-16237 ‥ * Inappropriate access control (CWE-284) - CVE-2020-16241 ‥ * Inappropriate authentication (CWE-287) - CVE-2020-16239Third parties may have access to administrator operations and system settings, which could result in device settings being modified and patient data sent out. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suresigns vs4",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": "a.07.107"
},
{
"model": "suresigns vs4",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "a.07.107"
},
{
"model": "suresigns vs4 \u003c=a.07.107",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "NVD",
"id": "CVE-2020-16237"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "a.07.107",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16237"
}
]
},
"cve": "CVE-2020-16237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-007707",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-49569",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-007707",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007707",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-007707",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2020-16237",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "JVNDB-2020-007707",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-49569",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1026",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "NVD",
"id": "CVE-2020-16237"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. SureSings VS4 Is Philips It is a device provided by the company that monitors the vital signs of patients. SureSings VS4 The following multiple vulnerabilities exist in. \u2025 * Improper input confirmation (CWE-20) - CVE-2020-16237 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-16241 \u2025 * Inappropriate authentication (CWE-287) - CVE-2020-16239Third parties may have access to administrator operations and system settings, which could result in device settings being modified and patient data sent out. SureSings VS4 Is Philips It is a device provided by the company that monitors the vital signs of patients. SureSings VS4 The following multiple vulnerabilities exist in. \u2025 * Improper input confirmation (CWE-20) - CVE-2020-16237 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-16241 \u2025 * Inappropriate authentication (CWE-287) - CVE-2020-16239Third parties may have access to administrator operations and system settings, which could result in device settings being modified and patient data sent out. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16237"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "CNVD",
"id": "CNVD-2020-49569"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-20-233-01",
"trust": 3.8
},
{
"db": "NVD",
"id": "CVE-2020-16237",
"trust": 3.8
},
{
"db": "JVN",
"id": "JVNVU96372881",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2020-49569",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48556",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2874",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1026",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "NVD",
"id": "CVE-2020-16237"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1026"
}
]
},
"id": "VAR-202008-0371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49569"
}
],
"trust": 1.31428573
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49569"
}
]
},
"last_update_date": "2023-12-18T11:58:09.051000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Security",
"trust": 1.6,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"trust": 1.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16241"
},
{
"trust": 1.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16237"
},
{
"trust": 1.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16239"
},
{
"trust": 1.6,
"url": "https://jvn.jp/vu/jvnvu96372881/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2874/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48556"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16237"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "NVD",
"id": "CVE-2020-16237"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-49569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "NVD",
"id": "CVE-2020-16237"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49569"
},
{
"date": "2020-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"date": "2020-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"date": "2020-08-21T13:15:13.600000",
"db": "NVD",
"id": "CVE-2020-16237"
},
{
"date": "2020-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49569"
},
{
"date": "2020-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"date": "2020-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"date": "2020-08-27T13:58:34.403000",
"db": "NVD",
"id": "CVE-2020-16237"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1026"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Made SureSigns VS4 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007707"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1026"
}
],
"trust": 0.6
}
}
VAR-202008-1235
Vulnerability from variot - Updated: 2023-12-18 11:58Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Philips SureSigns VS4 is a vital signs monitor for monitoring the physiological parameters of patients.
Philips SureSigns VS4 A.07.107 and earlier versions have an access control error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-1235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suresigns vs4",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "a.07.107"
},
{
"model": "suresigns vs4 \u003c=a.07.107",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49568"
},
{
"db": "NVD",
"id": "CVE-2020-16241"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "a.07.107",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16241"
}
]
},
"cve": "CVE-2020-16241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-49568",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16241",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-49568",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1024",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49568"
},
{
"db": "NVD",
"id": "CVE-2020-16241"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1024"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Philips SureSigns VS4 is a vital signs monitor for monitoring the physiological parameters of patients. \n\r\n\r\nPhilips SureSigns VS4 A.07.107 and earlier versions have an access control error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16241"
},
{
"db": "CNVD",
"id": "CNVD-2020-49568"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-20-233-01",
"trust": 2.2
},
{
"db": "NVD",
"id": "CVE-2020-16241",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2020-49568",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2874",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1024",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49568"
},
{
"db": "NVD",
"id": "CVE-2020-16241"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1024"
}
]
},
"id": "VAR-202008-1235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49568"
}
],
"trust": 1.31428573
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49568"
}
]
},
"last_update_date": "2023-12-18T11:58:09.099000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2874/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16241"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49568"
},
{
"db": "NVD",
"id": "CVE-2020-16241"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1024"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-49568"
},
{
"db": "NVD",
"id": "CVE-2020-16241"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1024"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49568"
},
{
"date": "2020-08-21T13:15:13.880000",
"db": "NVD",
"id": "CVE-2020-16241"
},
{
"date": "2020-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1024"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49568"
},
{
"date": "2021-11-22T16:29:14.827000",
"db": "NVD",
"id": "CVE-2020-16241"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1024"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips SureSigns VS4 access control error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49568"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1024"
}
],
"trust": 0.6
}
}
VAR-202008-0372
Vulnerability from variot - Updated: 2023-12-18 11:58Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. Philips SureSigns VS4 is a vital signs monitor for monitoring the physiological parameters of patients.
Philips SureSigns VS4 A.07.107 and earlier versions have an authorization issue vulnerability. The vulnerability stems from the product's failure to correctly verify the user's alleged identity. There is currently no detailed vulnerability details provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suresigns vs4",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "a.07.107"
},
{
"model": "suresigns vs4 \u003c=a.07.107",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49567"
},
{
"db": "NVD",
"id": "CVE-2020-16239"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "a.07.107",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16239"
}
]
},
"cve": "CVE-2020-16239",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-49567",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16239",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-49567",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1019",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49567"
},
{
"db": "NVD",
"id": "CVE-2020-16239"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1019"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. Philips SureSigns VS4 is a vital signs monitor for monitoring the physiological parameters of patients. \n\r\n\r\nPhilips SureSigns VS4 A.07.107 and earlier versions have an authorization issue vulnerability. The vulnerability stems from the product\u0027s failure to correctly verify the user\u0027s alleged identity. There is currently no detailed vulnerability details provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16239"
},
{
"db": "CNVD",
"id": "CNVD-2020-49567"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16239",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSMA-20-233-01",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2020-49567",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2874",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1019",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49567"
},
{
"db": "NVD",
"id": "CVE-2020-16239"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1019"
}
]
},
"id": "VAR-202008-0372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49567"
}
],
"trust": 1.31428573
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49567"
}
]
},
"last_update_date": "2023-12-18T11:58:09.078000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16239"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2874/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16239"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49567"
},
{
"db": "NVD",
"id": "CVE-2020-16239"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1019"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-49567"
},
{
"db": "NVD",
"id": "CVE-2020-16239"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1019"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49567"
},
{
"date": "2020-08-21T13:15:13.787000",
"db": "NVD",
"id": "CVE-2020-16239"
},
{
"date": "2020-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1019"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49567"
},
{
"date": "2020-08-27T14:03:42.073000",
"db": "NVD",
"id": "CVE-2020-16239"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1019"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips SureSigns VS4 authorization issue vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49567"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1019"
}
],
"trust": 0.6
}
}
CVE-2020-16239 (GCVE-0-2020-16239)
Vulnerability from cvelistv5 – Published: 2020-08-21 12:18 – Updated: 2025-06-04 21:37
VLAI?
Title
Philips SureSigns VS4 Improper Authentication
Summary
When an actor claims to have a given identity,
Philips SureSigns VS4, A.07.107 and prior
does not prove or insufficiently proves the claim is correct.
Severity ?
4.9 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | SureSigns VS4 |
Affected:
0 , < A.07.107
(custom)
|
Credits
Cleveland Clinic reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SureSigns VS4",
"vendor": "Philips",
"versions": [
{
"lessThan": "A.07.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cleveland Clinic reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nWhen an actor claims to have a given identity, \n\nPhilips SureSigns VS4, A.07.107 and prior \ndoes not prove or insufficiently proves the claim is correct.\n\n\u003c/p\u003e"
}
],
"value": "When an actor claims to have a given identity, \n\nPhilips SureSigns VS4, A.07.107 and prior \ndoes not prove or insufficiently proves the claim is correct."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:37:16.919Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"source": {
"advisory": "ICSMA-20-233-01",
"discovery": "EXTERNAL"
},
"title": "Philips SureSigns VS4 Improper Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\u003cbr\u003e\u003cbr\u003e\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support or regional service support\u003c/a\u003e or call 1-800-722-9377.\u003cbr\u003e\u003cbr\u003e\nPlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory\u003c/a\u003e for vulnerabilities discussed in this disclosure, and visit the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\n\n\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.\n\n\nPlease see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips SureSigns VS4",
"version": {
"version_data": [
{
"version_value": "A.07.107 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16239",
"datePublished": "2020-08-21T12:18:29",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:37:16.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16241 (GCVE-0-2020-16241)
Vulnerability from cvelistv5 – Published: 2020-08-21 12:15 – Updated: 2025-06-04 21:34
VLAI?
Title
Philips SureSigns VS4 Improper Access Control
Summary
Philips SureSigns VS4, A.07.107 and prior
does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Severity ?
6.3 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | SureSigns VS4 |
Affected:
0 , < A.07.107
(custom)
|
Credits
Cleveland Clinic reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SureSigns VS4",
"vendor": "Philips",
"versions": [
{
"lessThan": "A.07.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cleveland Clinic reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips SureSigns VS4, A.07.107 and prior \ndoes not restrict or incorrectly restricts access to a resource from an unauthorized actor.\n\n\u003c/p\u003e"
}
],
"value": "Philips SureSigns VS4, A.07.107 and prior \ndoes not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:34:45.706Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"source": {
"advisory": "ICSMA-20-233-01",
"discovery": "EXTERNAL"
},
"title": "Philips SureSigns VS4 Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\u003cbr\u003e\u003cbr\u003e\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support or regional service support\u003c/a\u003e or call 1-800-722-9377.\u003cbr\u003e\u003cbr\u003e\nPlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory\u003c/a\u003e for vulnerabilities discussed in this disclosure, and visit the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\n\n\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.\n\n\nPlease see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips SureSigns VS4",
"version": {
"version_data": [
{
"version_value": "A.07.107 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16241",
"datePublished": "2020-08-21T12:15:31",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:34:45.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16237 (GCVE-0-2020-16237)
Vulnerability from cvelistv5 – Published: 2020-08-21 12:11 – Updated: 2025-06-04 21:32
VLAI?
Title
Philips SureSigns VS4 Improper Input Validation
Summary
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | SureSigns VS4 |
Affected:
0 , < A.07.107
(custom)
|
Credits
Cleveland Clinic reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SureSigns VS4",
"vendor": "Philips",
"versions": [
{
"lessThan": "A.07.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cleveland Clinic reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.\u003c/p\u003e"
}
],
"value": "Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:32:44.371Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"source": {
"advisory": "ICSMA-20-233-01",
"discovery": "EXTERNAL"
},
"title": "Philips SureSigns VS4 Improper Input Validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\u003cbr\u003e\u003cbr\u003e\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support or regional service support\u003c/a\u003e or call 1-800-722-9377.\u003cbr\u003e\u003cbr\u003e\nPlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory\u003c/a\u003e for vulnerabilities discussed in this disclosure, and visit the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\n\n\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.\n\n\nPlease see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips SureSigns VS4",
"version": {
"version_data": [
{
"version_value": "A.07.107 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16237",
"datePublished": "2020-08-21T12:11:41",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:32:44.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16239 (GCVE-0-2020-16239)
Vulnerability from nvd – Published: 2020-08-21 12:18 – Updated: 2025-06-04 21:37
VLAI?
Title
Philips SureSigns VS4 Improper Authentication
Summary
When an actor claims to have a given identity,
Philips SureSigns VS4, A.07.107 and prior
does not prove or insufficiently proves the claim is correct.
Severity ?
4.9 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | SureSigns VS4 |
Affected:
0 , < A.07.107
(custom)
|
Credits
Cleveland Clinic reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SureSigns VS4",
"vendor": "Philips",
"versions": [
{
"lessThan": "A.07.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cleveland Clinic reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nWhen an actor claims to have a given identity, \n\nPhilips SureSigns VS4, A.07.107 and prior \ndoes not prove or insufficiently proves the claim is correct.\n\n\u003c/p\u003e"
}
],
"value": "When an actor claims to have a given identity, \n\nPhilips SureSigns VS4, A.07.107 and prior \ndoes not prove or insufficiently proves the claim is correct."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:37:16.919Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"source": {
"advisory": "ICSMA-20-233-01",
"discovery": "EXTERNAL"
},
"title": "Philips SureSigns VS4 Improper Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\u003cbr\u003e\u003cbr\u003e\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support or regional service support\u003c/a\u003e or call 1-800-722-9377.\u003cbr\u003e\u003cbr\u003e\nPlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory\u003c/a\u003e for vulnerabilities discussed in this disclosure, and visit the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\n\n\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.\n\n\nPlease see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips SureSigns VS4",
"version": {
"version_data": [
{
"version_value": "A.07.107 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16239",
"datePublished": "2020-08-21T12:18:29",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:37:16.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16241 (GCVE-0-2020-16241)
Vulnerability from nvd – Published: 2020-08-21 12:15 – Updated: 2025-06-04 21:34
VLAI?
Title
Philips SureSigns VS4 Improper Access Control
Summary
Philips SureSigns VS4, A.07.107 and prior
does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Severity ?
6.3 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | SureSigns VS4 |
Affected:
0 , < A.07.107
(custom)
|
Credits
Cleveland Clinic reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SureSigns VS4",
"vendor": "Philips",
"versions": [
{
"lessThan": "A.07.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cleveland Clinic reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips SureSigns VS4, A.07.107 and prior \ndoes not restrict or incorrectly restricts access to a resource from an unauthorized actor.\n\n\u003c/p\u003e"
}
],
"value": "Philips SureSigns VS4, A.07.107 and prior \ndoes not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:34:45.706Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"source": {
"advisory": "ICSMA-20-233-01",
"discovery": "EXTERNAL"
},
"title": "Philips SureSigns VS4 Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\u003cbr\u003e\u003cbr\u003e\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support or regional service support\u003c/a\u003e or call 1-800-722-9377.\u003cbr\u003e\u003cbr\u003e\nPlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory\u003c/a\u003e for vulnerabilities discussed in this disclosure, and visit the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\n\n\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.\n\n\nPlease see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips SureSigns VS4",
"version": {
"version_data": [
{
"version_value": "A.07.107 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16241",
"datePublished": "2020-08-21T12:15:31",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:34:45.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16237 (GCVE-0-2020-16237)
Vulnerability from nvd – Published: 2020-08-21 12:11 – Updated: 2025-06-04 21:32
VLAI?
Title
Philips SureSigns VS4 Improper Input Validation
Summary
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | SureSigns VS4 |
Affected:
0 , < A.07.107
(custom)
|
Credits
Cleveland Clinic reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SureSigns VS4",
"vendor": "Philips",
"versions": [
{
"lessThan": "A.07.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cleveland Clinic reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.\u003c/p\u003e"
}
],
"value": "Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:32:44.371Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"source": {
"advisory": "ICSMA-20-233-01",
"discovery": "EXTERNAL"
},
"title": "Philips SureSigns VS4 Improper Input Validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\u003cbr\u003e\u003cbr\u003e\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support or regional service support\u003c/a\u003e or call 1-800-722-9377.\u003cbr\u003e\u003cbr\u003e\nPlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory\u003c/a\u003e for vulnerabilities discussed in this disclosure, and visit the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\n\n\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.\n\n\nPlease see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips SureSigns VS4",
"version": {
"version_data": [
{
"version_value": "A.07.107 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16237",
"datePublished": "2020-08-21T12:11:41",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:32:44.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}