Vulnerabilities > CVE-2020-16228 - Improper Check for Certificate Revocation vulnerability in Philips products

CVSS 6.4 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

LOW

low complexity

philips

CWE-299

NVD

Published: 2020-09-11

Updated: 2023-12-12

Summary

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.

Vulnerable Configurations

Part	Description	Count
Application	Philips Philips Performancebridge Focal Point A.01 Philips Patient Information Center IX B.02 Philips Patient Information Center IX C.02 Philips Patient Information Center IX C.03	4
OS	Philips Philips Intellivue MP2 Mp90 Firmware - Philips Intellivue Mx100 Firmware - Philips Intellivue Mx400 Firmware - Philips Intellivue Mx850 Firmware - Philips Intellivue X2 Firmware - Philips Intellivue X3 Firmware - Philips Intellivue Mx800 Firmware - Philips Intellivue Mx750 Firmware - Philips Intellivue Mx700 Firmware - Philips Intellivue Mx600 Firmware - Philips Intellivue Mx550 Firmware -	11
Hardware	Philips Philips Intellivue MP2 Mp90 N Philips Intellivue Mx100 - Philips Intellivue Mx400 - Philips Intellivue Mx850 - Philips Intellivue X2 N Philips Intellivue X3 N Philips Intellivue Mx800 - Philips Intellivue Mx750 - Philips Intellivue Mx700 - Philips Intellivue Mx600 - Philips Intellivue Mx550 -	11

Common Weakness Enumeration (CWE)

CWE-299 - Improper Check for Certificate Revocation

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References