CVE-2020-16228 - OpenCVE

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Philips	Intellivue Mx400 Firmware Intellivue Mp2-mp90 Intellivue Mx600 Intellivue Mx750 Intellivue Mp2-mp90 Firmware Performancebridge Focal Point Intellivue X2 Intellivue Mx100 Firmware Intellivue Mx400 Intellivue Mx550 Firmware Patient Information Center Ix Intellivue Mx100 Intellivue Mx600 Firmware Intellivue Mx800 Firmware Intellivue Mx800 Intellivue Mx700 Intellivue X2 Firmware Intellivue X3 Intellivue Mx850 Intellivue X3 Firmware Intellivue Mx750 Firmware Intellivue Mx550 Intellivue Mx850 Firmware Intellivue Mx700 Firmware

Configuration 1 [-]

OR	cpe:2.3:a:philips:patient_information_center_ix:b.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::*
	cpe:2.3:a:philips:performancebridge_focal_point:a.01:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01	Third Party Advisory US Government Resource
https://www.philips.com/productsecurity

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2020-09-11T12:58:13

Updated: 2023-12-12T20:52:52.755Z

Reserved: 2020-07-31T00:00:00

Link: CVE-2020-16228

JSON object: View

NVD Information

Status : Modified

Published: 2020-09-11T13:15:11.377

Modified: 2023-12-12T21:15:07.970

Link: CVE-2020-16228

JSON object: View

Redhat Information

No data.

CWE

CWE-299