Vulnerabilities > Philips
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-11 | CVE-2020-16220 | Improper Validation of Syntactic Correctness of Input vulnerability in Philips products In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. | 4.3 |
| 2020-09-11 | CVE-2020-16216 | Improper Input Validation vulnerability in Philips products In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. | 6.5 |
| 2020-09-11 | CVE-2020-16212 | Exposure of Resource to Wrong Sphere vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | 6.8 |
| 2020-09-11 | CVE-2020-16228 | Improper Check for Certificate Revocation vulnerability in Philips products In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. | 6.4 |
| 2020-09-11 | CVE-2020-16222 | Improper Authentication vulnerability in Philips products In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 8.8 |
| 2020-09-11 | CVE-2020-16218 | Cross-site Scripting vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. | 3.5 |
| 2020-09-11 | CVE-2020-16214 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 5.0 |
| 2020-08-31 | CVE-2020-11618 | THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. | 7.2 |
| 2020-08-31 | CVE-2020-11617 | Improper Certificate Validation vulnerability in multiple products The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | 4.3 |
| 2020-08-21 | CVE-2020-16241 | Incorrect Authorization vulnerability in Philips Suresigns VS4 Firmware A.07.107 Philips SureSigns VS4, A.07.107 and prior. | 2.1 |