CVE-2020-16228

moderate-risk

Published 2020-09-11

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.4/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (15)

Patient Information Center Ix

Performancebridge Focal Point

Intellivue Mp2-Mp90 Firmware

Intellivue Mx100 Firmware

Intellivue Mx400 Firmware

Intellivue Mx850 Firmware

Intellivue X2 Firmware

Intellivue X3 Firmware

Intellivue Mx800 Firmware

Intellivue Mx750 Firmware

Intellivue Mx700 Firmware

Intellivue Mx600 Firmware

Intellivue Mx550 Firmware

Affected Vendors

Philips

References (4)

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01

https://www.philips.com/productsecurity

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01

https://www.philips.com/productsecurity

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate