CVE-2020-16220

EPSS 0.04%
Veröffentlicht 11.09.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 05:06:57
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

In Patient Information Center iX (PICiX) Versions C.02, C.03, 
PerformanceBridge Focal Point Version A.01, the product receives input 
that is expected to be well-formed (i.e., to comply with a certain 
syntax) but it does not validate or incorrectly validates that the input
 complies with the syntax, causing the certificate enrollment service to
 crash. It does not impact monitoring but prevents new devices from 
enrolling.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Philips ≫ Patient Information Center Ix Versionb.02

Philips ≫ Patient Information Center Ix Versionc.02

Philips ≫ Patient Information Center Ix Versionc.03

Philips ≫ Performancebridge Focal Point Versiona.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01

Third Party Advisory

US Government Resource

https://www.philips.com/productsecurity

https://nvd.nist.gov/vuln/detail/CVE-2020-16220

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16220

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16220

EUVD