CVE-2020-16220 Vulnerability Details

  /     /     /  

CVE-2020-16220 Metadata Quick Info

CVE Published: 11/09/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: icscert | Vendor: Philips | Product: Patient Information Center iX (PICiX)
Status : PUBLISHED

---

CVE-2020-16220 Description

In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1286
CWE Name: CWE-1286 Improper Validation of Syntactic Correctness of Input
Source: Philips

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).