ID

VAR-202009-0608


CVE

CVE-2020-16224


TITLE

Patient Information Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202009-676

DESCRIPTION

In Patient Information Center iX (PICiX) versions C.02 and C.03, the software parses a formatted message or structure but does not handle, or incorrectly handles, a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03.

Trust: 0.99

sources: NVD: CVE-2020-16224 // VULHUB: VHN-169281

AFFECTED PRODUCTS

vendor: philips, model: patient information center ix, scope: eq, version: c.03

Trust: 1.0

vendor: philips, model: patient information center ix, scope: eq, version: c.02

Trust: 1.0

sources: NVD: CVE-2020-16224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-16224
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202009-676
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169281
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-16224
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-169281
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-16224
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-169281 // CNNVD: CNNVD-202009-676 // NVD: CVE-2020-16224

PROBLEMTYPE DATA

problemtype: CWE-130

Trust: 1.1

sources: VULHUB: VHN-169281 // NVD: CVE-2020-16224

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-676

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-676

PATCH

title: Patient Information Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128119

Trust: 0.6

sources: CNNVD: CNNVD-202009-676

EXTERNAL IDS

db: ICS CERT, id: ICSMA-20-254-01

Trust: 1.7

db: NVD, id: CVE-2020-16224

Trust: 1.7

db: CNNVD, id: CNNVD-202009-676

Trust: 0.7

db: AUSCERT, id: ESB-2020.3140

Trust: 0.6

db: VULHUB, id: VHN-169281

Trust: 0.1

sources: VULHUB: VHN-169281 // CNNVD: CNNVD-202009-676 // NVD: CVE-2020-16224

REFERENCES

url: https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01

Trust: 2.3

url: https://www.philips.com/productsecurity

Trust: 1.0

url: https://www.auscert.org.au/bulletins/esb-2020.3140/

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-16224

Trust: 0.6

sources: VULHUB: VHN-169281 // CNNVD: CNNVD-202009-676 // NVD: CVE-2020-16224

CREDITS

Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips.

Trust: 0.6

sources: CNNVD: CNNVD-202009-676

SOURCES

db: VULHUB, id: VHN-169281
db: CNNVD, id: CNNVD-202009-676
db: NVD, id: CVE-2020-16224

LAST UPDATE DATE

2024-08-14T13:43:56.076000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169281, date: 2020-09-15T00:00:00
db: CNNVD, id: CNNVD-202009-676, date: 2021-09-01T00:00:00
db: NVD, id: CVE-2020-16224, date: 2023-12-12T21:15:07.887

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169281, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202009-676, date: 2020-09-10T00:00:00
db: NVD, id: CVE-2020-16224, date: 2020-09-11T14:15:11.567