Vulnerabilities > CVE-2020-16220 - Improper Validation of Syntactic Correctness of Input vulnerability in Philips products

CVSS 4.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

low complexity

philips

CWE-1286

NVD

Published: 2020-09-11

Updated: 2023-12-12

Summary

In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.

Vulnerable Configurations

Part	Description	Count
Application	Philips Philips Performancebridge Focal Point A.01 Philips Patient Information Center IX B.02 Philips Patient Information Center IX C.02 Philips Patient Information Center IX C.03	4

Common Weakness Enumeration (CWE)

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References