Details of VAR-202009-0604

ID

VAR-202009-0604

CVE

CVE-2020-16216

TITLE

Philips Patient Information Center iX Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202009-674

DESCRIPTION

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03

Trust: 0.99

sources: NVD: CVE-2020-16216 // VULHUB: VHN-169272

AFFECTED PRODUCTS

vendor:	philips	model:	patient information center ix	scope:	eq	version:	c.03	Trust: 1.0
vendor:	philips	model:	intellivue x2	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx800	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	patient information center ix	scope:	eq	version:	c.02	Trust: 1.0
vendor:	philips	model:	intellivue mx400	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	performancebridge focal point	scope:	eq	version:	a.01	Trust: 1.0
vendor:	philips	model:	intellivue mx100	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx600	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx700	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx750	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mp2-mp90	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx850	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx550	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	patient information center ix	scope:	eq	version:	b.02	Trust: 1.0
vendor:	philips	model:	intellivue x3	scope:	eq	version:	-	Trust: 1.0

sources: NVD: CVE-2020-16216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-16216
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202009-674
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-169272
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-16216
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-169272
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-16216
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-169272 // CNNVD: CNNVD-202009-674 // NVD: CVE-2020-16216

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.1

sources: VULHUB: VHN-169272 // NVD: CVE-2020-16216

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-674

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202009-674

PATCH

title:

Patient Information Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128117

Trust: 0.6

sources: CNNVD: CNNVD-202009-674

EXTERNAL IDS

db:	NVD	id:	CVE-2020-16216	Trust: 1.7
db:	ICS CERT	id:	ICSMA-20-254-01	Trust: 1.7
db:	CNNVD	id:	CNNVD-202009-674	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3140	Trust: 0.6
db:	VULHUB	id:	VHN-169272	Trust: 0.1

sources: VULHUB: VHN-169272 // CNNVD: CNNVD-202009-674 // NVD: CVE-2020-16216

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01	Trust: 2.3
url:	https://www.philips.com/productsecurity	Trust: 1.0
url:	https://www.auscert.org.au/bulletins/esb-2020.3140/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16216	Trust: 0.6

sources: VULHUB: VHN-169272 // CNNVD: CNNVD-202009-674 // NVD: CVE-2020-16216

CREDITS

in the context of the BSI project ManiMed (Manipulation of medical devices), Germany,Julian Suleder, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Dr. Oliver Matula of ERNW Enno, which reported these to Philips., Nils Emmerich, Birk Kauer of ERNW Research GmbH

Trust: 0.6

sources: CNNVD: CNNVD-202009-674

SOURCES

db:	VULHUB	id:	VHN-169272
db:	CNNVD	id:	CNNVD-202009-674
db:	NVD	id:	CVE-2020-16216

LAST UPDATE DATE

2024-08-14T13:43:56.097000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169272	date:	2020-09-15T00:00:00
db:	CNNVD	id:	CNNVD-202009-674	date:	2022-03-08T00:00:00
db:	NVD	id:	CVE-2020-16216	date:	2023-12-12T21:15:07.527

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169272	date:	2020-09-11T00:00:00
db:	CNNVD	id:	CNNVD-202009-674	date:	2020-09-10T00:00:00
db:	NVD	id:	CVE-2020-16216	date:	2020-09-11T14:15:11.440