CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-43550 – Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of a Broken or Risky Cryptographic Algorithm
https://notcve.org/view.php?id=CVE-2021-43550
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0. El uso de un algoritmo criptográfico roto o arriesgado es un riesgo no necesario que puede resultar en una exposición de información confidencial, que afecta a las comunicaciones entre Patient Information Center iX (PIC iX) Versiones C.02 y C.03 y Efficia CM Series Revisiones A.01 a C.0x y 4.0 • https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43548 – Philips Patient Information Center iX (PIC iX) and Efficia CM Series Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-43548
Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. Patient Information Center iX (PIC iX) Versiones C.02 y C.03, recibe entradas o datos, pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos de forma segura y correcta • https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43552 – Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2021-43552
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. El uso de una clave criptográfica embebida aumenta significativamente la posibilidad de que los datos encriptados puedan ser recuperados de Patient Information Center iX (PIC iX) Versiones B.02, C.02 y C.03 • https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-16212 – Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere
https://notcve.org/view.php?id=CVE-2020-16212
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores. El producto expone un recurso a la esfera de control equivocada, proporcionando a los actores no deseados un acceso inapropiado al recurso. La aplicación en la estación de supervisión opera en modo Kiosk, que es vulnerable a filtraciones locales que podrían permitir a un atacante con acceso físico escapar el entorno restringido con privilegios limitados • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 https://www.philips.com/productsecurity • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16220 – Philips Patient Monitoring Devices Improper Validation of Syntactic Correctness of Input
https://notcve.org/view.php?id=CVE-2020-16220
In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores. El producto recibe una entrada que se espera que esté bien formada (es decir, que cumpla con una determinada sintaxis) pero no comprueba o comprueba incorrectamente que la entrada cumple con la sintaxis, causando que el servicio de inscripción de certificados se bloque. No impacta la supervisión, pero evita que se inscriban nuevos dispositivos • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 https://www.philips.com/productsecurity • CWE-1286: Improper Validation of Syntactic Correctness of Input •