In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the
software does not neutralize or incorrectly neutralizes
user-controllable input before it is placed in output that is then used
as a webpage and served to other users. Successful exploitation could
lead to unauthorized access to patient data via a read-only web
application.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | Third Party Advisory US Government Resource |
https://www.philips.com/productsecurity | |
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | Third Party Advisory US Government Resource |
https://www.philips.com/productsecurity |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 - Third Party Advisory, US Government Resource | |
References | () https://www.philips.com/productsecurity - |
12 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. | |
References |
|
Information
Published : 2020-09-11 13:15
Updated : 2024-11-21 05:06
NVD link : CVE-2020-16218
Mitre link : CVE-2020-16218
CVE.ORG link : CVE-2020-16218
JSON object : View
Products Affected
philips
- patient_information_center_ix
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')