CVE-2020-16220

EPSS 0.04%
Published 11.09.2020 14:15:11
Last modified 21.11.2024 05:06:57
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

In Patient Information Center iX (PICiX) Versions C.02, C.03, 
PerformanceBridge Focal Point Version A.01, the product receives input 
that is expected to be well-formed (i.e., to comply with a certain 
syntax) but it does not validate or incorrectly validates that the input
 complies with the syntax, causing the certificate enrollment service to
 crash. It does not impact monitoring but prevents new devices from 
enrolling.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Philips ≫ Patient Information Center Ix Versionb.02

Philips ≫ Patient Information Center Ix Versionc.02

Philips ≫ Patient Information Center Ix Versionc.03

Philips ≫ Performancebridge Focal Point Versiona.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.065

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01

Third Party Advisory

US Government Resource

https://www.philips.com/productsecurity

https://nvd.nist.gov/vuln/detail/CVE-2020-16220

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16220

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16220

EUVD