Vulnerabilities > CVE-2020-16214 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Philips Patient Information Center IX B.02/C.02/C.03

047910
CVSS 5.0 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
local
low complexity
philips
CWE-1236
NVD
Published: 2020-09-11
Updated: 2023-12-12

Summary

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.

Vulnerable Configurations

Part Description Count
Application
Philips
3

Common Weakness Enumeration (CWE)

References