CVE-2020-16237
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Philips | SureSigns VS4 | 0 < A.07.107 | affected |
Weaknesses
- CWE-20: CWE-20
Workarounds
As a mitigation to these vulnerabilities, Philips recommends users change all system passwords on the SureSigns VS4 with unique passwords for each device and secure the device when not in use to prevent unauthorized access, as referenced in the Installation and Configuration Guide available on Incenter. Philips also recommends users consider replacing the SureSigns VS4 device with a newer technology.
Users with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.
Please see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products.
ADP Enrichment
CVE Program Container
Additional References
References
- https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01
- https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.