VAR-202008-0371

Vulnerability from variot - Updated: 2023-12-18 11:58

Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. SureSigns VS4 is a device provided by Philips that monitors the vital signs of patients. The following multiple vulnerabilities exist in SureSigns VS4: * Improper input validation (CWE-20) - CVE-2020-16237 * Improper access control (CWE-284) - CVE-2020-16241 * Improper authentication (CWE-287) - CVE-2020-16239. Third parties may gain access to administrator operations and system settings, which could result in device settings being modified and patient data being sent out. No detailed vulnerability details are currently provided.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0371",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "suresigns vs4",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "philips",
        "version": "a.07.107"
      },
      {
        "model": "suresigns vs4",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "philips",
        "version": "a.07.107"
      },
      {
        "model": "suresigns vs4 \u003c=a.07.107",
        "scope": null,
        "trust": 0.6,
        "vendor": "philips",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16237"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "a.07.107",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-16237"
      }
    ]
  },
  "cve": "CVE-2020-16237",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007707",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 2.4,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-49569",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.7,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Physical",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007707",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007707",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2020-007707",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-16237",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-007707",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-49569",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-1026",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1026"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. SureSigns VS4 is a device provided by Philips that monitors the vital signs of patients. The following multiple vulnerabilities exist in SureSigns VS4: * Improper input validation (CWE-20) - CVE-2020-16237 * Improper access control (CWE-284) - CVE-2020-16241 * Improper authentication (CWE-287) - CVE-2020-16239. Third parties may gain access to administrator operations and system settings, which could result in device settings being modified and patient data being sent out. No detailed vulnerability details are currently provided.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-16237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSMA-20-233-01",
        "trust": 3.8
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16237",
        "trust": 3.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96372881",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48556",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2874",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1026",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1026"
      }
    ]
  },
  "id": "VAR-202008-0371",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      }
    ],
    "trust": 1.31428573
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:58:09.051000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Product Security",
        "trust": 1.6,
        "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-16237"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"
      },
      {
        "trust": 1.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16241"
      },
      {
        "trust": 1.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16237"
      },
      {
        "trust": 1.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16239"
      },
      {
        "trust": 1.6,
        "url": "https://jvn.jp/vu/jvnvu96372881/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2874/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48556"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16237"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1026"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1026"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "date": "2020-08-21T13:15:13.600000",
        "db": "NVD",
        "id": "CVE-2020-16237"
      },
      {
        "date": "2020-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-1026"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-49569"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "date": "2020-08-27T13:58:34.403000",
        "db": "NVD",
        "id": "CVE-2020-16237"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-1026"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Philips SureSigns VS4",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007707"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1026"
      }
    ],
    "trust": 0.6
  }
}

