CVE-2020-16212

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*
cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*
cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*

History

21 Nov 2024, 05:06

Type Values Removed Values Added
References () https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 - Third Party Advisory, US Government Resource
References () https://www.philips.com/productsecurity - () https://www.philips.com/productsecurity -

12 Dec 2023, 19:15

Type Values Removed Values Added
References
  • () https://www.philips.com/productsecurity -
Summary Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.

Information

Published : 2020-09-11 14:15

Updated : 2024-11-21 05:06


NVD link : CVE-2020-16212

Mitre link : CVE-2020-16212

CVE.ORG link : CVE-2020-16212


JSON object : View

Products Affected

philips

  • patient_information_center_ix
CWE
CWE-668

Exposure of Resource to Wrong Sphere