CVE-2020-16216
Philips Patient Monitoring Devices Improper Input Validation
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750,
MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior,
the product receives input or data but does not validate or incorrectly
validates that the input has the properties required to process the data
safely and correctly, which can induce a denial-of-service condition
through a system restart.
Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point Versión A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores. El producto recibe una entrada o datos pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos seguramente y correctamente, lo que puede inducir una condición de denegación de servicio por medio de un reinicio del sistema
*Credits:
Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-07-31 CVE Reserved
- 2020-09-11 CVE Published
- 2023-12-13 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | Third Party Advisory | |
| https://www.philips.com/productsecurity |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Philips Search vendor "Philips" | Intellivue Mp2-mp90 Firmware Search vendor "Philips" for product "Intellivue Mp2-mp90 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mp2-mp90 Search vendor "Philips" for product "Intellivue Mp2-mp90" | n Search vendor "Philips" for product "Intellivue Mp2-mp90" and version "n" | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx100 Firmware Search vendor "Philips" for product "Intellivue Mx100 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx100 Search vendor "Philips" for product "Intellivue Mx100" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx400 Firmware Search vendor "Philips" for product "Intellivue Mx400 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx400 Search vendor "Philips" for product "Intellivue Mx400" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx850 Firmware Search vendor "Philips" for product "Intellivue Mx850 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx850 Search vendor "Philips" for product "Intellivue Mx850" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue X2 Firmware Search vendor "Philips" for product "Intellivue X2 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue X2 Search vendor "Philips" for product "Intellivue X2" | n Search vendor "Philips" for product "Intellivue X2" and version "n" | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue X3 Firmware Search vendor "Philips" for product "Intellivue X3 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue X3 Search vendor "Philips" for product "Intellivue X3" | n Search vendor "Philips" for product "Intellivue X3" and version "n" | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx800 Firmware Search vendor "Philips" for product "Intellivue Mx800 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx800 Search vendor "Philips" for product "Intellivue Mx800" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx750 Firmware Search vendor "Philips" for product "Intellivue Mx750 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx750 Search vendor "Philips" for product "Intellivue Mx750" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx700 Firmware Search vendor "Philips" for product "Intellivue Mx700 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx700 Search vendor "Philips" for product "Intellivue Mx700" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx600 Firmware Search vendor "Philips" for product "Intellivue Mx600 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx600 Search vendor "Philips" for product "Intellivue Mx600" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx550 Firmware Search vendor "Philips" for product "Intellivue Mx550 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx550 Search vendor "Philips" for product "Intellivue Mx550" | - | - |
Safe
|
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | b.02 Search vendor "Philips" for product "Patient Information Center Ix" and version "b.02" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | c.02 Search vendor "Philips" for product "Patient Information Center Ix" and version "c.02" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | c.03 Search vendor "Philips" for product "Patient Information Center Ix" and version "c.03" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Performancebridge Focal Point Search vendor "Philips" for product "Performancebridge Focal Point" | a.01 Search vendor "Philips" for product "Performancebridge Focal Point" and version "a.01" | - |
Affected
| ||||||