ID

VAR-202009-0603


CVE

CVE-2020-16214


TITLE

Patient Information Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

DESCRIPTION

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize, or incorrectly neutralizes, special elements that could be interpreted as a command when the file is opened by spreadsheet software. A vulnerability exists in Patient Information. The following products and versions are affected: B.02, C.02, C.03.

Trust: 0.99

sources: NVD: CVE-2020-16214 // VULHUB: VHN-169270

AFFECTED PRODUCTS

vendor: philips, model: patient information center ix, scope: eq, version: c.03

Trust: 1.0

vendor: philips, model: patient information center ix, scope: eq, version: c.02

Trust: 1.0

vendor: philips, model: patient information center ix, scope: eq, version: b.02

Trust: 1.0

sources: NVD: CVE-2020-16214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-16214
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202009-685
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169270
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-16214
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-169270
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-16214
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-169270 // CNNVD: CNNVD-202009-685 // NVD: CVE-2020-16214

PROBLEMTYPE DATA

problemtype:CWE-1236

Trust: 1.0

sources: NVD: CVE-2020-16214

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

PATCH

title: Patient Information Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128127

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

EXTERNAL IDS

db: ICS CERT, id: ICSMA-20-254-01

Trust: 1.7

db: NVD, id: CVE-2020-16214

Trust: 1.7

db: CNNVD, id: CNNVD-202009-685

Trust: 0.7

db: AUSCERT, id: ESB-2020.3140

Trust: 0.6

db: VULHUB, id: VHN-169270

Trust: 0.1

sources: VULHUB: VHN-169270 // CNNVD: CNNVD-202009-685 // NVD: CVE-2020-16214

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01

Trust: 2.3

url:https://www.philips.com/productsecurity

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2020.3140/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-16214

Trust: 0.6

sources: VULHUB: VHN-169270 // CNNVD: CNNVD-202009-685 // NVD: CVE-2020-16214

CREDITS

Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, and Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips.

Trust: 0.6

sources: CNNVD: CNNVD-202009-685

SOURCES

db: VULHUB, id: VHN-169270
db: CNNVD, id: CNNVD-202009-685
db: NVD, id: CVE-2020-16214

LAST UPDATE DATE

2024-08-14T13:43:56.211000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169270, date: 2020-09-15T00:00:00
db: CNNVD, id: CNNVD-202009-685, date: 2021-09-01T00:00:00
db: NVD, id: CVE-2020-16214, date: 2023-12-12T21:15:07.410

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169270, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202009-685, date: 2020-09-10T00:00:00
db: NVD, id: CVE-2020-16214, date: 2020-09-11T13:15:11.160