In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | Third Party Advisory US Government Resource |
https://www.philips.com/productsecurity | |
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | Third Party Advisory US Government Resource |
https://www.philips.com/productsecurity |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 - Third Party Advisory, US Government Resource | |
References | () https://www.philips.com/productsecurity - |
12 Dec 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. |
Information
Published : 2020-09-11 14:15
Updated : 2024-11-21 05:06
NVD link : CVE-2020-16212
Mitre link : CVE-2020-16212
CVE.ORG link : CVE-2020-16212
JSON object : View
Products Affected
philips
- patient_information_center_ix
CWE
CWE-668
Exposure of Resource to Wrong Sphere