CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43552 – Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2021-43552
27 Dec 2021 — The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. El uso de una clave criptográfica embebida aumenta significativamente la posibilidad de que los datos encriptados puedan ser recuperados de Patient Information Center iX (PIC iX) Versiones B.02, C.02 y C.03 • https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-16212 – Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere
https://notcve.org/view.php?id=CVE-2020-16212
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Poin... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16220 – Philips Patient Monitoring Devices Improper Validation of Syntactic Correctness of Input
https://notcve.org/view.php?id=CVE-2020-16220
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-16216 – Philips Patient Monitoring Devices Improper Input Validation
https://notcve.org/view.php?id=CVE-2020-16216
11 Sep 2020 — In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 26EXPL: 0CVE-2020-16228 – Philips Patient Monitoring Devices Improper Check for Certificate Revocation
https://notcve.org/view.php?id=CVE-2020-16228
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-299: Improper Check for Certificate Revocation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16222 – Philips Patient Monitoring Devices Improper Authentication
https://notcve.org/view.php?id=CVE-2020-16222
11 Sep 2020 — In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores. Cuando un actor afirma ten... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-287: Improper Authentication •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-16214 – Philips Patient Monitoring Devices Improper Neutralization of Formula Elements in a CSV File
https://notcve.org/view.php?id=CVE-2020-16214
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, ... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-16218 – Philips Patient Monitoring Devices Cross-site Scripting
https://notcve.org/view.php?id=CVE-2020-16218
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y M... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •