CVE-2020-16220
Philips Patient Monitoring Devices Improper Validation of Syntactic Correctness of Input
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.3%KEV nãoPoC —Patch —
Lifecycle
Sep 11, 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Patient Information Center iX (PICiX) Versions C.02, C.03,
PerformanceBridge Focal Point Version A.01, the product receives input
that is expected to be well-formed (i.e., to comply with a certain
syntax) but it does not validate or incorrectly validates that the input
complies with the syntax, causing the certificate enrollment service to
crash. It does not impact monitoring but prevents new devices from
enrolling.
Affected products
Philips · Patient Information Center iX (PICiX)Philips · PerformanceBridge Focal PointWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →