CVE-2020-16216: Philips Patient Monitoring Devices Improper Input Validation
First published: Fri Sep 11 2020(Updated: )
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Patient Information Center Ix | =b.02 | |
| Philips Patient Information Center Ix | =c.02 | |
| Philips Patient Information Center Ix | =c.03 | |
| Philips Performancebridge Focal Point | =a.01 | |
| Philips Intellivue Mp2-mp90 Firmware | ||
| Philips Intellivue Mp2-mp90 | =n | |
| Philips Intellivue Mx100 Firmware | ||
| Philips Intellivue Mx100 | ||
| Philips Intellivue Mx400 Firmware | ||
| Philips Intellivue Mx400 | ||
| Philips Intellivue Mx850 Firmware | ||
| Philips Intellivue Mx850 | ||
| Philips Intellivue X2 Firmware | ||
| Philips Intellivue X2 | =n | |
| Philips Intellivue X3 Firmware | ||
| Philips Intellivue X3 | =n | |
| Philips Intellivue Mx800 Firmware | ||
| Philips Intellivue Mx800 | ||
| Philips Intellivue Mx750 Firmware | ||
| Philips Intellivue Mx750 | ||
| Philips Intellivue Mx700 Firmware | ||
| Philips Intellivue Mx700 | ||
| Philips Intellivue Mx600 Firmware | ||
| Philips Intellivue Mx600 | ||
| Philips Intellivue Mx550 Firmware | ||
| Philips Intellivue Mx550 | ||
| All of | ||
| Philips Intellivue Mp2-mp90 Firmware | ||
| Philips Intellivue Mp2-mp90 | =n | |
| All of | ||
| Philips Intellivue Mx100 Firmware | ||
| Philips Intellivue Mx100 | ||
| All of | ||
| Philips Intellivue Mx400 Firmware | ||
| Philips Intellivue Mx400 | ||
| All of | ||
| Philips Intellivue Mx850 Firmware | ||
| Philips Intellivue Mx850 | ||
| All of | ||
| Philips Intellivue X2 Firmware | ||
| Philips Intellivue X2 | =n | |
| All of | ||
| Philips Intellivue X3 Firmware | ||
| Philips Intellivue X3 | =n | |
| All of | ||
| Philips Intellivue Mx800 Firmware | ||
| Philips Intellivue Mx800 | ||
| All of | ||
| Philips Intellivue Mx750 Firmware | ||
| Philips Intellivue Mx750 | ||
| All of | ||
| Philips Intellivue Mx700 Firmware | ||
| Philips Intellivue Mx700 | ||
| All of | ||
| Philips Intellivue Mx600 Firmware | ||
| Philips Intellivue Mx600 | ||
| All of | ||
| Philips Intellivue Mx550 Firmware | ||
| Philips Intellivue Mx550 |
Remedy
Philips released the following versions to remediate reported vulnerabilities: * IntelliVue Patient Monitors Versions N.00 and N.01 * IntelliVue Patient Monitors Version M.04: Contact a Philips service support team https://www.usa.philips.com/healthcare/solutions/customer-service-solutions for an upgrade path * Certificate revocation implementation of the IntelliVue Patient Monitors will be completed in Q3 of 2024.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-16216?
The severity of CVE-2020-16216 is medium, with a severity value of 6.5.
Which software versions are affected by CVE-2020-16216?
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior are affected by CVE-2020-16216.
What is the vulnerability description of CVE-2020-16216?
CVE-2020-16216 is a vulnerability in the Patient Information Center iX (PICiX) software, PerformanceBridge Focal Point software, and IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90, as well as IntelliVue X3 and X2, that allows the product to receive input or data without proper validation or incorporation.
How can I fix CVE-2020-16216?
To fix CVE-2020-16216, it is recommended to apply the necessary security patches or updates provided by Philips, the vendor of the affected software and devices.
Where can I find more information about CVE-2020-16216?
You can find more information about CVE-2020-16216 on the US-CERT website at https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01.
- collector/nvd-index
- collector/nvd-api
- agent/title
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/philips
- canonical/philips patient information center ix
- version/philips patient information center ix/b.02
- version/philips patient information center ix/c.02
- version/philips patient information center ix/c.03
- canonical/philips performancebridge focal point
- version/philips performancebridge focal point/a.01
- canonical/philips intellivue mp2-mp90 firmware
- canonical/philips intellivue mp2-mp90
- version/philips intellivue mp2-mp90/n
- canonical/philips intellivue mx100 firmware
- canonical/philips intellivue mx100
- canonical/philips intellivue mx400 firmware
- canonical/philips intellivue mx400
- canonical/philips intellivue mx850 firmware
- canonical/philips intellivue mx850
- canonical/philips intellivue x2 firmware
- canonical/philips intellivue x2
- version/philips intellivue x2/n
- canonical/philips intellivue x3 firmware
- canonical/philips intellivue x3
- version/philips intellivue x3/n
- canonical/philips intellivue mx800 firmware
- canonical/philips intellivue mx800
- canonical/philips intellivue mx750 firmware
- canonical/philips intellivue mx750
- canonical/philips intellivue mx700 firmware
- canonical/philips intellivue mx700
- canonical/philips intellivue mx600 firmware
- canonical/philips intellivue mx600
- canonical/philips intellivue mx550 firmware
- canonical/philips intellivue mx550