ID

VAR-202009-0603


CVE

CVE-2020-16214


TITLE

Patient Information Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

DESCRIPTION

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. A vulnerability exists in Patient Information. The following products and versions are affected: B.02, C.02, C.03

Trust: 0.99

sources: NVD: CVE-2020-16214 // VULHUB: VHN-169270

AFFECTED PRODUCTS

vendor:philipsmodel:patient information center ixscope:eqversion:c.03

Trust: 1.0

vendor:philipsmodel:patient information center ixscope:eqversion:c.02

Trust: 1.0

vendor:philipsmodel:patient information center ixscope:eqversion:b.02

Trust: 1.0

sources: NVD: CVE-2020-16214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-16214
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202009-685
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169270
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-16214
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-169270
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-16214
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-169270 // CNNVD: CNNVD-202009-685 // NVD: CVE-2020-16214

PROBLEMTYPE DATA

problemtype:CWE-1236

Trust: 1.0

sources: NVD: CVE-2020-16214

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

PATCH

title:Patient Information Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128127

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

EXTERNAL IDS

db:ICS CERTid:ICSMA-20-254-01

Trust: 1.7

db:NVDid:CVE-2020-16214

Trust: 1.7

db:CNNVDid:CNNVD-202009-685

Trust: 0.7

db:AUSCERTid:ESB-2020.3140

Trust: 0.6

db:VULHUBid:VHN-169270

Trust: 0.1

sources: VULHUB: VHN-169270 // CNNVD: CNNVD-202009-685 // NVD: CVE-2020-16214

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01

Trust: 2.3

url:https://www.philips.com/productsecurity

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2020.3140/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-16214

Trust: 0.6

sources: VULHUB: VHN-169270 // CNNVD: CNNVD-202009-685 // NVD: CVE-2020-16214

CREDITS

in the context of the BSI project ManiMed (Manipulation of medical devices), Germany,Julian Suleder, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Dr. Oliver Matula of ERNW Enno, which reported these to Philips., Nils Emmerich, Birk Kauer of ERNW Research GmbH

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

SOURCES

db:VULHUBid:VHN-169270
db:CNNVDid:CNNVD-202009-685
db:NVDid:CVE-2020-16214

LAST UPDATE DATE

2024-11-23T21:35:20.004000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-169270date:2020-09-15T00:00:00
db:CNNVDid:CNNVD-202009-685date:2021-09-01T00:00:00
db:NVDid:CVE-2020-16214date:2024-11-21T05:06:57.083

SOURCES RELEASE DATE

db:VULHUBid:VHN-169270date:2020-09-11T00:00:00
db:CNNVDid:CNNVD-202009-685date:2020-09-10T00:00:00
db:NVDid:CVE-2020-16214date:2020-09-11T13:15:11.160