PT-2020-14819 · Philips · PerformanceBridge Focal Point
Published: 2020-09-11 · Updated: 2023-12-12 · CVE-2020-16220
CVSS v3.1: 4.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Patient Information Center iX (PICiX) versions C.02 through C.03
PerformanceBridge Focal Point version A.01
Description
The product receives input that is expected to be well-formed but does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. This issue does not impact monitoring but prevents new devices from enrolling.
Recommendations
For Patient Information Center iX (PICiX) versions C.02 through C.03, consider implementing input validation to ensure compliance with the expected syntax.
For PerformanceBridge Focal Point version A.01, consider implementing input validation to ensure compliance with the expected syntax.
As a temporary workaround, consider restricting access to the certificate enrollment service to minimize the risk of exploitation.
Affected Products
Patient Information Center iX
PerformanceBridge Focal Point