
CVE-2020-16228 – Philips Patient Monitoring Devices Improper Check for Certificate Revocation
https://notcve.org/view.php?id=CVE-2020-16228
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-299: Improper Check for Certificate Revocation

CVE-2020-16222 – Philips Patient Monitoring Devices Improper Authentication
https://notcve.org/view.php?id=CVE-2020-16222
11 Sep 2020 — In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850 and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. When an actor claims to have... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-287: Improper Authentication

CVE-2020-16214 – Philips Patient Monitoring Devices Improper Neutralization of Formula Elements in a CSV File
https://notcve.org/view.php?id=CVE-2020-16214
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850 and MP2-MP90 Versions N and prior, ... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVE-2020-16218 – Philips Patient Monitoring Devices Cross-site Scripting
https://notcve.org/view.php?id=CVE-2020-16218
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850 and M... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-11618
https://notcve.org/view.php?id=CVE-2020-11618
31 Aug 2020 — THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. • https://decoded.avast.io/vladislaviliushin/flaws-in-dvb-t2-set-top-boxes-exposed

CVE-2020-11617
https://notcve.org/view.php?id=CVE-2020-11617
31 Aug 2020 — The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. • https://decoded.avast.io/vladislaviliushin/flaws-in-dvb-t2-set-top-boxes-exposed • CWE-295: Improper Certificate Validation

CVE-2020-16239
https://notcve.org/view.php?id=CVE-2020-16239
21 Aug 2020 — Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. • https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01 • CWE-287: Improper Authentication

CVE-2020-16241
https://notcve.org/view.php?id=CVE-2020-16241
21 Aug 2020 — Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. • https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization

CVE-2020-16237
https://notcve.org/view.php?id=CVE-2020-16237
21 Aug 2020 — Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. • https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01 • CWE-20: Improper Input Validation

CVE-2020-14518
https://notcve.org/view.php?id=CVE-2020-14518
21 Aug 2020 — Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. • https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01 • CWE-532: Insertion of Sensitive Information into Log File