CVE-2020-16212 Vulnerability Details

  /     /     /  

CVE-2020-16212 Metadata Quick Info

CVE Published: 11/09/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: icscert | Vendor: Philips | Product: Patient Information Center iX (PICiX)
Status : PUBLISHED

---

CVE-2020-16212 Description

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-668
CWE Name: CWE-668 Exposure of Resource to Wrong Sphere
Source: Philips

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).