#VU46649 Improper Check for Certificate Revocation in Philips products - CVE-2020-16228
Published: September 11, 2020
Vulnerability identifier: #VU46649
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-16228
CWE-ID: CWE-299
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Patient Information Center iX
IntelliVue patient monitors MX100
IntelliVue patient monitors MX400
IntelliVue patient monitors MX430
IntelliVue patient monitors MX450
IntelliVue patient monitors MX500
IntelliVue patient monitors MX550
IntelliVue patient monitors MX850
IntelliVue patient monitors MX750
IntelliVue X3
Software vendor:
Philips
Description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists because the affected software does not check, or incorrectly checks, the revocation status of a certificate. A remote administrator on the local network can compromise the certificate.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.