FKIE_CVE-2020-16237

Vulnerability from fkie_nvd - Published: 2020-08-21 13:15 - Updated: 2025-06-04 22:15
Severity ?
2.1 (Low) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2.1 (Low) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
References
ics-cert@hq.dhs.govhttps://us-cert.cisa.gov/ics/advisories/icsma-20-233-01Third Party Advisory, US Government Resource
ics-cert@hq.dhs.govhttps://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
philips suresigns_vs4_firmware *
philips suresigns_vs4 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD053F85-5CCB-4848-98A8-B35512CF69CB",
              "versionEndIncluding": "a.07.107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE9FA8-A0BF-44DE-A4B0-BCEC98A93196",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
    },
    {
      "lang": "es",
      "value": "Philips SureSigns versiones VS4, A.07.107 y anteriores. El producto recibe una entrada o datos, pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos segura y correctamente."
    }
  ],
  "id": "CVE-2020-16237",
  "lastModified": "2025-06-04T22:15:23.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "LOW",
          "baseScore": 2.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 1.4,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "LOW",
          "baseScore": 2.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-21T13:15:13.600",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.