CVE-2020-16222
Philips Patient Monitoring Devices Improper Authentication
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and
PerformanceBridge Focal Point Version A.01, when an actor claims to have
a given identity, the software does not prove or insufficiently proves
the claim is correct.
Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point VersiĆ³n A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores. Cuando un actor afirma tener una identidad determinada, el software no prueba o prueba insuficientemente que la afirmaciĆ³n sea correcta
*Credits:
Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-07-31 CVE Reserved
- 2020-09-11 CVE Published
- 2023-12-13 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | Third Party Advisory | |
| https://www.philips.com/productsecurity |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | b.02 Search vendor "Philips" for product "Patient Information Center Ix" and version "b.02" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | c.02 Search vendor "Philips" for product "Patient Information Center Ix" and version "c.02" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | c.03 Search vendor "Philips" for product "Patient Information Center Ix" and version "c.03" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Performancebridge Focal Point Search vendor "Philips" for product "Performancebridge Focal Point" | a.01 Search vendor "Philips" for product "Performancebridge Focal Point" and version "a.01" | - |
Affected
| ||||||