CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-16216 – Philips Patient Monitoring Devices Improper Input Validation
https://notcve.org/view.php?id=CVE-2020-16216
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores. El producto recibe una entrada o datos pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos seguramente y correctamente, lo que puede inducir una condición de denegación de servicio por medio de un reinicio del sistema • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 https://www.philips.com/productsecurity • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 26EXPL: 0CVE-2020-16228 – Philips Patient Monitoring Devices Improper Check for Certificate Revocation
https://notcve.org/view.php?id=CVE-2020-16228
In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores. El software no comprueba o comprueba inapropiadamente el estado de revocación de un certificado, lo que puede causar que use un certificado comprometido • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 https://www.philips.com/productsecurity • CWE-299: Improper Check for Certificate Revocation •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 0CVE-2018-10599
https://notcve.org/view.php?id=CVE-2018-10599
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. IntelliVue Patient Monitors MP Series (incluyendo MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M y (X3/MX100 solo para Rev M) y Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 con software Revisions F.0, G.0 y J.3 tienen una vulnerabilidad que permite que un atacante no autenticado lea memoria desde una dirección del dispositivo escogida por el atacante en la misma subred. • https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 36EXPL: 0CVE-2018-10597
https://notcve.org/view.php?id=CVE-2018-10597
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. IntelliVue Patient Monitors MP Series (incluyendo MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M y (X3/MX100 solo para Rev M) y Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 con software Revisions F.0, G.0 y J.3 tienen una vulnerabilidad que permite que un atacante no autenticado acceda a memoria ("write-what-where") desde una dirección del dispositivo escogida por el atacante en la misma subred. • https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 • CWE-287: Improper Authentication CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 36EXPL: 0CVE-2018-10601
https://notcve.org/view.php?id=CVE-2018-10601
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow. IntelliVue Patient Monitors MP Series (incluyendo MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M y (X3/MX100 solo para Rev M) y Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 con software en Revisions F.0, G.0 y J.3 tienen una vulnerabilidad que expone un servicio "echo" por el cual un búfer enviado por el atacante a una dirección de dispositivo en la misma subred elegida por el atacante se copia a la pila sin comprobaciones de límites, lo que resulta en un desbordamiento de pila. • https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •