CVE-2020-16228

Philips Patient Monitoring Devices Improper Check for Certificate Revocation

EPSS 0.4%CWE-299

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.

Affected products

Philips · IntelliVue patient monitors Philips · IntelliVue X3 Philips · Patient Information Center iX (PICiX)Philips · PerformanceBridge Focal Point

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 https://www.philips.com/productsecurity