Exposure of Resource to Wrong Sphere in Patient Information Center iX - CVE-2020-16212

 

Exposure of Resource to Wrong Sphere in Patient Information Center iX - CVE-2020-16212

Published: September 11, 2020


Vulnerability identifier: #VU46653
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-16212
CWE-ID:
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Philips
Affected software:
Patient Information Center iX

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. An attacker with physical access can escape the restricted environment with limited privileges.


How to mitigate CVE-2020-16212

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources