CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-16216 – Philips Patient Monitoring Devices Improper Input Validation
https://notcve.org/view.php?id=CVE-2020-16216
11 Sep 2020 — In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 26EXPL: 0CVE-2020-16228 – Philips Patient Monitoring Devices Improper Check for Certificate Revocation
https://notcve.org/view.php?id=CVE-2020-16228
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-299: Improper Check for Certificate Revocation •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2019-13530
https://notcve.org/view.php?id=CVE-2019-13530
12 Sep 2019 — Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. Philips IntelliVue WLAN, monitores portátiles de pacientes, WLAN Versión A, Firmware A.03.09, WLAN Versión A, Firmware A.03.09, Número de ... • https://www.us-cert.gov/ics/advisories/icsma-19-255-01 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2019-13534
https://notcve.org/view.php?id=CVE-2019-13534
12 Sep 2019 — Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. Philips IntelliVue WLAN, monitores portátiles de pacientes, W... • https://www.us-cert.gov/ics/advisories/icsma-19-255-01 • CWE-494: Download of Code Without Integrity Check •
CVSS: 8.3EPSS: 0%CPEs: 36EXPL: 0CVE-2018-10597
https://notcve.org/view.php?id=CVE-2018-10597
05 Jun 2018 — IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. IntelliVue Patient Monitors MP Series (incluyendo MP2/X2/MP30/MP50/MP70/NP90... • https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 • CWE-287: Improper Authentication CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 0CVE-2018-10599
https://notcve.org/view.php?id=CVE-2018-10599
05 Jun 2018 — IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. IntelliVue Patient Monitors MP Series (incluyendo MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, In... • https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 36EXPL: 0CVE-2018-10601
https://notcve.org/view.php?id=CVE-2018-10601
05 Jun 2018 — IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow. IntelliVu... • https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •