CVE-2020-16228

Name of the Vulnerable Software and Affected Versions Patient Information Center iX (PICiX) versions C.02 and C.03 PerformanceBridge Focal Point version A.01 IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850 IntelliVue X3 versions N and prior

Description The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.

Recommendations For Patient Information Center iX (PICiX) versions C.02 and C.03, consider disabling the certificate validation function until a patch is available. For PerformanceBridge Focal Point version A.01, restrict access to the certificate management module to minimize the risk of exploitation. For IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 versions N and prior, avoid using compromised certificates in the affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.