Main Vulnerability Database Vulnerabilities #VU46646

CSV Injection in Patient Information Center iX - CVE-2020-16214

Published: September 11, 2020

Vulnerability identifier: #VU46646

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-16214

CWE-ID: CWE-94

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Patient Information Center iX

Software vendor:
Philips

Description

The vulnerability allows a local user to inject arbitrary data into CSV files.

The vulnerability exists due to improper input validation when generating CSV files. A local administrator can create specially crafted CSV files and trick the victim into exporting the file with malicious content.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsma-20-254-01

CSV Injection in Patient Information Center iX - CVE-2020-16214

Description

Remediation

External links

Please verify you're human