← Voltar para CVEs
CVE-2020-16212
MEDIUM6.8
Descricao
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.
Detalhes CVE
Pontuacao CVSS v3.16.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataquePHYSICAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado9/11/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
philips:patient_information_center_ix
Fraquezas (CWE)
CWE-668CWE-668
Referencias
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01(ics-cert@hq.dhs.gov)
https://www.philips.com/productsecurity(ics-cert@hq.dhs.gov)
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.philips.com/productsecurity(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.