CVE-2020-16216 (GCVE-0-2020-16216)

Vulnerability from cvelistv5 – Published: 2020-09-11 13:06 – Updated: 2024-08-04 13:37
VLAI?
Summary
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.
Severity ?
No CVSS data available.
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Philips IntelliVue patient monitors Affected: MX100
Affected: MX400-550
Affected: MX600
Affected: MX700
Affected: MX750
Affected: MX800
Affected: MX850
Affected: MP2-MP90
Create a notification for this product.
    Philips IntelliVue Affected: X2
Affected: X3
Affected: 0 , ≤ N (custom)
Create a notification for this product.
Credits
Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:37:54.166Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.philips.com/productsecurity"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "IntelliVue patient monitors",
          "vendor": "Philips ",
          "versions": [
            {
              "status": "affected",
              "version": "MX100"
            },
            {
              "status": "affected",
              "version": "MX400-550"
            },
            {
              "status": "affected",
              "version": "MX600"
            },
            {
              "status": "affected",
              "version": "MX700"
            },
            {
              "status": "affected",
              "version": "MX750"
            },
            {
              "status": "affected",
              "version": "MX800"
            },
            {
              "status": "affected",
              "version": "MX850"
            },
            {
              "status": "affected",
              "version": "MP2-MP90"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "IntelliVue ",
          "vendor": "Philips ",
          "versions": [
            {
              "status": "affected",
              "version": "X2 "
            },
            {
              "status": "affected",
              "version": "X3 "
            },
            {
              "lessThanOrEqual": "N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\nIn IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, \nMX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, \nthe product receives input or data but does not validate or incorrectly \nvalidates that the input has the properties required to process the data\n safely and correctly, which can induce a denial-of-service condition \nthrough a system restart.\n\n\u003c/p\u003e"
            }
          ],
          "value": "In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, \nMX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, \nthe product receives input or data but does not validate or incorrectly \nvalidates that the input has the properties required to process the data\n safely and correctly, which can induce a denial-of-service condition \nthrough a system restart.\n\n\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-12T21:06:04.285Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
        },
        {
          "url": "https://www.philips.com/productsecurity"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nPhilips released the following versions to remediate reported vulnerabilities:\u003cul\u003e\n\u003cli\u003eIntelliVue Patient Monitors Versions N.00 and N.01\u003c/li\u003e\n\u003cli\u003eIntelliVue Patient Monitors Version M.04: Contact a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team\u003c/a\u003e for an upgrade path\u003c/li\u003e\n\u003cli\u003eCertificate revocation implementation of the \nIntelliVue Patient Monitors will be completed in Q3 of 2024.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Philips released the following versions to remediate reported vulnerabilities:\n  *  IntelliVue Patient Monitors Versions N.00 and N.01\n\n  *  IntelliVue Patient Monitors Version M.04: Contact a  Philips service support team https://www.usa.philips.com/healthcare/solutions/customer-service-solutions  for an upgrade path\n\n  *  Certificate revocation implementation of the \nIntelliVue Patient Monitors will be completed in Q3 of 2024.\n\n\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Philips Patient Monitoring Devices Improper Input Validation",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\u003cp\u003eAs a mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://incenter.medical.philips.com/\"\u003eInCenter\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBy default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.\u003c/li\u003e\n\u003cli\u003eWhen enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\u003c/li\u003e\n\u003cli\u003eImplement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.\u003c/li\u003e\n\u003cli\u003eOnly grant remote access to PIC iX servers on a must-have basis.\u003c/li\u003e\n\u003cli\u003eGrant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUsers with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team, or regional service support\u003c/a\u003e, or call 1-800-722-9377.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the Philips advisory and the latest security information for Philips products.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "As a mitigation to these vulnerabilities, Philips recommends the following:\n\n\n\n  *  The Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on  InCenter https://incenter.medical.philips.com/ .\n\n  *  By default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.\n\n  *  When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\n\n  *  Implement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.\n\n  *  Only grant remote access to PIC iX servers on a must-have basis.\n\n  *  Grant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.\n\n\n\n\nUsers with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local  Philips service support team, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-800-722-9377.\n\n\nPlease see the  Philips product security website https://www.philips.com/productsecurity  for the Philips advisory and the latest security information for Philips products.\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-16216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips Patient Information Center iX (PICiX), PerformanceBridge Focal Point, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90, IntelliVue X3 and X2.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER INPUT VALIDATION CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-16216",
    "datePublished": "2020-09-11T13:06:55",
    "dateReserved": "2020-07-31T00:00:00",
    "dateUpdated": "2024-08-04T13:37:54.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4FA1FEC-5139-48C1-856C-8062436AE6C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3220AB2-AC0D-4AC2-90D8-76C02FC693EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE1FB3E9-E269-434A-B1C2-D54C40F437BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:philips:performancebridge_focal_point:a.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B4CF59B-32DC-4F48-88C5-77B96E937E93\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BDDAC8D-53B7-4B52-8EE2-510E6FE215D8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9B11FBA-4FCF-4B0A-ADA9-6BB59686A8DE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D7C4F77-6005-4AAA-83CA-CA9F60043A7A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D2A5BBF-C360-4281-AD34-C0941831DA64\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F21718-A0DE-419E-B82D-447ADC337E30\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27B8D0E2-316A-45E5-8FC1-AE70F07DB7FA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77650C8F-73D8-4DBC-8673-40502748C3CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1F44D95-5744-4475-9312-63E1F422B236\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E42604C2-7CB6-42AC-9272-CFABFC4DC85A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA10D49B-DBB0-4E4D-B0C9-17F91D22E5AB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"708EB7F4-9747-4B0C-937D-F1ED07300FAE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"221DDFB6-3F7D-4611-9A87-2D216DF79A2B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9C6A5F3-C845-4561-A451-DC3C966E8D8C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C38B732B-8629-40FE-A333-E69A7F2CFB18\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B60F7F6F-995F-4251-9DF8-897F42025B2C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F77F9328-BFE3-42C9-A487-6295B05274ED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43C2466F-A371-4386-B098-F724D5CD14CB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDF21FA3-9650-442F-8E13-281A9975C47B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4394A2A-C9F4-4E56-866E-EB49F6B32C3D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"186C49C9-BDA8-4083-A3E9-606BBA027CAB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D72DF93-DF02-411D-80BE-85286F553B1E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B03E7D9-01DC-492F-BA52-9165E78BE498\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, \\nMX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, \\nthe product receives input or data but does not validate or incorrectly \\nvalidates that the input has the properties required to process the data\\n safely and correctly, which can induce a denial-of-service condition \\nthrough a system restart.\\n\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versi\\u00f3n A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores.\u0026#xa0;El producto recibe una entrada o datos pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos seguramente y correctamente, lo que puede inducir una condici\\u00f3n de denegaci\\u00f3n de servicio por medio de un reinicio del sistema\"}]",
      "id": "CVE-2020-16216",
      "lastModified": "2024-11-21T05:06:57.320",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 6.1, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-09-11T14:15:11.440",
      "references": "[{\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.philips.com/productsecurity\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.philips.com/productsecurity\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-16216\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2020-09-11T14:15:11.440\",\"lastModified\":\"2024-11-21T05:06:57.320\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, \\nMX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, \\nthe product receives input or data but does not validate or incorrectly \\nvalidates that the input has the properties required to process the data\\n safely and correctly, which can induce a denial-of-service condition \\nthrough a system restart.\\n\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versi\u00f3n A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores.\u0026#xa0;El producto recibe una entrada o datos pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos seguramente y correctamente, lo que puede inducir una condici\u00f3n de denegaci\u00f3n de servicio por medio de un reinicio del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":6.1,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FA1FEC-5139-48C1-856C-8062436AE6C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3220AB2-AC0D-4AC2-90D8-76C02FC693EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1FB3E9-E269-434A-B1C2-D54C40F437BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:philips:performancebridge_focal_point:a.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B4CF59B-32DC-4F48-88C5-77B96E937E93\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BDDAC8D-53B7-4B52-8EE2-510E6FE215D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9B11FBA-4FCF-4B0A-ADA9-6BB59686A8DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D7C4F77-6005-4AAA-83CA-CA9F60043A7A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D2A5BBF-C360-4281-AD34-C0941831DA64\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F21718-A0DE-419E-B82D-447ADC337E30\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27B8D0E2-316A-45E5-8FC1-AE70F07DB7FA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77650C8F-73D8-4DBC-8673-40502748C3CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F44D95-5744-4475-9312-63E1F422B236\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E42604C2-7CB6-42AC-9272-CFABFC4DC85A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA10D49B-DBB0-4E4D-B0C9-17F91D22E5AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"708EB7F4-9747-4B0C-937D-F1ED07300FAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"221DDFB6-3F7D-4611-9A87-2D216DF79A2B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C6A5F3-C845-4561-A451-DC3C966E8D8C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C38B732B-8629-40FE-A333-E69A7F2CFB18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B60F7F6F-995F-4251-9DF8-897F42025B2C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F77F9328-BFE3-42C9-A487-6295B05274ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43C2466F-A371-4386-B098-F724D5CD14CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDF21FA3-9650-442F-8E13-281A9975C47B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4394A2A-C9F4-4E56-866E-EB49F6B32C3D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"186C49C9-BDA8-4083-A3E9-606BBA027CAB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D72DF93-DF02-411D-80BE-85286F553B1E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B03E7D9-01DC-492F-BA52-9165E78BE498\"}]}]}],\"references\":[{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.philips.com/productsecurity\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.philips.com/productsecurity\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.