Vulnerability CVE-2020-16228
Published: 2020-09-11

Description:
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.

Type:

CWE-299

 (Improper Check for Certificate Revocation)

CVSS2 => (AV:A/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.2/10
6.4/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Philips -> Patient information center ix 
Philips -> Performancebridge focal point 

 References:
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Copyright 2024, cxsecurity.com

 

Back to Top