Main Vulnerability Database Vulnerabilities #VU46653

#VU46653 Exposure of Resource to Wrong Sphere in Patient Information Center iX - CVE-2020-16212

Published: September 11, 2020

Vulnerability identifier: #VU46653

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-16212

CWE-ID:

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Patient Information Center iX

Software vendor:
Philips

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. An attacker with physical access can escape the restricted environment with limited privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsma-20-254-01