CVE-2020-16228
Philips Patient Monitoring Devices Improper Check for Certificate Revocation
Severity Score
6.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Patient Information Center iX (PICiX) Versions C.02 and C.03,
PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors
MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and
prior, the software does not check or incorrectly checks the revocation
status of a certificate, which may cause it to use a compromised
certificate.
Patient Information Center iX (PICiX) Versiones B.02, C.02, C.03, PerformanceBridge Focal Point VersiĆ³n A.01, Monitores de paciente IntelliVue MX100, MX400-MX850 y MP2-MP90 Versiones N y anteriores, IntelliVue X3 y X2 Versiones N y anteriores. El software no comprueba o comprueba inapropiadamente el estado de revocaciĆ³n de un certificado, lo que puede causar que use un certificado comprometido
*Credits:
Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-07-31 CVE Reserved
- 2020-09-11 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-299: Improper Check for Certificate Revocation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | Third Party Advisory | |
| https://www.philips.com/productsecurity |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Philips Search vendor "Philips" | Intellivue Mp2-mp90 Firmware Search vendor "Philips" for product "Intellivue Mp2-mp90 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mp2-mp90 Search vendor "Philips" for product "Intellivue Mp2-mp90" | n Search vendor "Philips" for product "Intellivue Mp2-mp90" and version "n" | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx100 Firmware Search vendor "Philips" for product "Intellivue Mx100 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx100 Search vendor "Philips" for product "Intellivue Mx100" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx400 Firmware Search vendor "Philips" for product "Intellivue Mx400 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx400 Search vendor "Philips" for product "Intellivue Mx400" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx850 Firmware Search vendor "Philips" for product "Intellivue Mx850 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx850 Search vendor "Philips" for product "Intellivue Mx850" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue X2 Firmware Search vendor "Philips" for product "Intellivue X2 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue X2 Search vendor "Philips" for product "Intellivue X2" | n Search vendor "Philips" for product "Intellivue X2" and version "n" | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue X3 Firmware Search vendor "Philips" for product "Intellivue X3 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue X3 Search vendor "Philips" for product "Intellivue X3" | n Search vendor "Philips" for product "Intellivue X3" and version "n" | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx800 Firmware Search vendor "Philips" for product "Intellivue Mx800 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx800 Search vendor "Philips" for product "Intellivue Mx800" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx750 Firmware Search vendor "Philips" for product "Intellivue Mx750 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx750 Search vendor "Philips" for product "Intellivue Mx750" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx700 Firmware Search vendor "Philips" for product "Intellivue Mx700 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx700 Search vendor "Philips" for product "Intellivue Mx700" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx600 Firmware Search vendor "Philips" for product "Intellivue Mx600 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx600 Search vendor "Philips" for product "Intellivue Mx600" | - | - |
Safe
|
| Philips Search vendor "Philips" | Intellivue Mx550 Firmware Search vendor "Philips" for product "Intellivue Mx550 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Intellivue Mx550 Search vendor "Philips" for product "Intellivue Mx550" | - | - |
Safe
|
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | b.02 Search vendor "Philips" for product "Patient Information Center Ix" and version "b.02" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | c.02 Search vendor "Philips" for product "Patient Information Center Ix" and version "c.02" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Patient Information Center Ix Search vendor "Philips" for product "Patient Information Center Ix" | c.03 Search vendor "Philips" for product "Patient Information Center Ix" and version "c.03" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Performancebridge Focal Point Search vendor "Philips" for product "Performancebridge Focal Point" | a.01 Search vendor "Philips" for product "Performancebridge Focal Point" and version "a.01" | - |
Affected
| ||||||