CVE-2020-16218

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*
cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*
cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*

History

21 Nov 2024, 05:06

Type Values Removed Values Added
References () https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 - Third Party Advisory, US Government Resource
References () https://www.philips.com/productsecurity - () https://www.philips.com/productsecurity -

12 Dec 2023, 21:15

Type Values Removed Values Added
Summary Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
References
  • () https://www.philips.com/productsecurity -

Information

Published : 2020-09-11 13:15

Updated : 2024-11-21 05:06


NVD link : CVE-2020-16218

Mitre link : CVE-2020-16218

CVE.ORG link : CVE-2020-16218


JSON object : View

Products Affected

philips

  • patient_information_center_ix
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')