MEDIUM🇵🇱 Wersja polska

CVE-2020-16212

CVSS 6.8v3.1pub. 2020-09-11upd. 2024-11-21

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Philips Patient Information Center Ix

    APP
    Philips
    b.02c.02c.03
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16222HIGH8.8ten sam produkt

In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version ...

CVE-2021-43552MEDIUM6.1ten sam produkt

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recove...

CVE-2021-43548MEDIUM6.5ten sam produkt

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or...

CVE-2021-43550MEDIUM5.9ten sam produkt

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of...

CVE-2020-16228MEDIUM6.4ten sam produkt

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, ...