In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the
software does not neutralize or incorrectly neutralizes
user-controllable input before it is placed in output that is then used
as a webpage and served to other users. Successful exploitation could
lead to unauthorized access to patient data via a read-only web
application.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | Third Party Advisory US Government Resource |
https://www.philips.com/productsecurity |
Configurations
Configuration 1 (hide)
|
History
12 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. |
Information
Published : 2020-09-11 13:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-16218
Mitre link : CVE-2020-16218
CVE.ORG link : CVE-2020-16218
JSON object : View
Products Affected
philips
- patient_information_center_ix
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')