CVE-2020-16218

low-risk
Published 2020-09-11

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.

Do I need to act?

-
0.10% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
ADJACENT_NETWORK / LOW complexity

Affected Products (3)

Patient Information Center Ix
Patient Information Center Ix
Patient Information Center Ix

Affected Vendors

Philips

References (4)

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
https://www.philips.com/productsecurity
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
https://www.philips.com/productsecurity
22
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 9/34 · Low