#VU46652 Input validation error in Philips products - CVE-2020-16216

Vulnerability identifier: #VU46652

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-16216

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
IntelliVue patient monitors MX100
IntelliVue patient monitors MX400
IntelliVue patient monitors MX430
IntelliVue patient monitors MX450
IntelliVue patient monitors MX500
IntelliVue patient monitors MX550
IntelliVue patient monitors MX600
IntelliVue patient monitors MX700
IntelliVue patient monitors MX750
IntelliVue patient monitors MX800
IntelliVue patient monitors MX850
IntelliVue patient monitors MP2
IntelliVue patient monitors MP5
IntelliVue patient monitors MP20
IntelliVue patient monitors MP30
IntelliVue patient monitors MP40
IntelliVue patient monitors MP50
IntelliVue patient monitors MP60
IntelliVue patient monitors MP70
IntelliVue patient monitors MP80
IntelliVue patient monitors MP90
IntelliVue X3
IntelliVue X2

Software vendor:
Philips

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

• https://ics-cert.us-cert.gov/advisories/icsma-20-254-01