ID

VAR-202009-0607


CVE

CVE-2020-16222


TITLE

Philips Patient Information Center iX Authorization problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202009-679

DESCRIPTION

In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03

Trust: 0.99

sources: NVD: CVE-2020-16222 // VULHUB: VHN-169279

AFFECTED PRODUCTS

vendor:philipsmodel:performancebridge focal pointscope:eqversion:a.01

Trust: 1.0

vendor:philipsmodel:patient information center ixscope:eqversion:c.03

Trust: 1.0

vendor:philipsmodel:patient information center ixscope:eqversion:c.02

Trust: 1.0

vendor:philipsmodel:patient information center ixscope:eqversion:b.02

Trust: 1.0

sources: NVD: CVE-2020-16222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-16222
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202009-679
value: HIGH

Trust: 0.6

VULHUB: VHN-169279
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-16222
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-169279
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-16222
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-169279 // CNNVD: CNNVD-202009-679 // NVD: CVE-2020-16222

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-169279 // NVD: CVE-2020-16222

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-679

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202009-679

PATCH

title:Patient Information Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128121

Trust: 0.6

sources: CNNVD: CNNVD-202009-679

EXTERNAL IDS

db:ICS CERTid:ICSMA-20-254-01

Trust: 1.7

db:NVDid:CVE-2020-16222

Trust: 1.7

db:CNNVDid:CNNVD-202009-679

Trust: 0.7

db:AUSCERTid:ESB-2020.3140

Trust: 0.6

db:VULHUBid:VHN-169279

Trust: 0.1

sources: VULHUB: VHN-169279 // CNNVD: CNNVD-202009-679 // NVD: CVE-2020-16222

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01

Trust: 2.3

url:https://www.philips.com/productsecurity

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2020.3140/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-16222

Trust: 0.6

sources: VULHUB: VHN-169279 // CNNVD: CNNVD-202009-679 // NVD: CVE-2020-16222

CREDITS

in the context of the BSI project ManiMed (Manipulation of medical devices), Germany,Julian Suleder, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Dr. Oliver Matula of ERNW Enno, which reported these to Philips., Nils Emmerich, Birk Kauer of ERNW Research GmbH

Trust: 0.6

sources: CNNVD: CNNVD-202009-679

SOURCES

db:VULHUBid:VHN-169279
db:CNNVDid:CNNVD-202009-679
db:NVDid:CVE-2020-16222

LAST UPDATE DATE

2024-11-23T21:35:20.072000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-169279date:2020-09-15T00:00:00
db:CNNVDid:CNNVD-202009-679date:2022-03-08T00:00:00
db:NVDid:CVE-2020-16222date:2024-11-21T05:06:58.047

SOURCES RELEASE DATE

db:VULHUBid:VHN-169279date:2020-09-11T00:00:00
db:CNNVDid:CNNVD-202009-679date:2020-09-10T00:00:00
db:NVDid:CVE-2020-16222date:2020-09-11T13:15:11.300