CVE-2020-16239

Summary

When an actor claims to have a given identity,

Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct.

Affected Software

VendorProductVersion RangeStatus
PhilipsSureSigns VS40 < A.07.107affected

Weaknesses

  • CWE-287: CWE-287

Workarounds

As a mitigation to these vulnerabilities, Philips recommends users change all system passwords on the SureSigns VS4 with unique passwords for each device and secure the device when not in use to prevent unauthorized access, as referenced in the Installation and Configuration Guide available on Incenter. Philips also recommends users consider replacing the SureSigns VS4 device with a newer technology.

Users with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.

Please see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products.

ADP Enrichment

CVE Program Container

Additional References

References