CVE-2020-16216: Philips Patient Monitoring Devices Improper Input Validation
First published: Fri Sep 11 2020(Updated: )
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Patient Information Center Ix | =b.02 | |
| Philips Patient Information Center Ix | =c.02 | |
| Philips Patient Information Center Ix | =c.03 | |
| Philips Performancebridge Focal Point | =a.01 | |
| Philips Intellivue NP90 Firmware | ||
| Philips Intellivue MP2-MP90 Firmware | =n | |
| Philips Intellivue Mx100 Firmware | ||
| Philips Intellivue Mx100 Firmware | ||
| Philips Intellivue Mx400 Firmware | ||
| Philips Intellivue Mx400 Firmware | ||
| Philips Intellivue Mx850 Firmware | ||
| Philips Intellivue Mx850 Firmware | ||
| Philips Intellivue X2 Firmware | ||
| Philips Intellivue X2 Firmware | =n | |
| Philips Intellivue X3 Firmware | ||
| Philips Intellivue X3 Firmware | =n | |
| Philips Intellivue MP Monitors MX800/700/600 Firmware | ||
| Philips Intellivue Mx800 Firmware | ||
| Philips Intellivue Mx750 Firmware | ||
| Philips Intellivue Mx750 Firmware | ||
| Philips Intellivue MP Monitors MX800/700/600 Firmware | ||
| Philips Intellivue MP Monitors MX800/700/600 Firmware | ||
| Philips Intellivue MP Monitors MX800/700/600 Firmware | ||
| Philips Intellivue Mx600 Firmware | ||
| Philips Intellivue Mx550 | ||
| Philips Intellivue Mx550 Firmware | ||
| All of | ||
| Philips Intellivue NP90 Firmware | ||
| Philips Intellivue MP2-MP90 Firmware | =n | |
| All of | ||
| Philips Intellivue Mx100 Firmware | ||
| Philips Intellivue Mx100 Firmware | ||
| All of | ||
| Philips Intellivue Mx400 Firmware | ||
| Philips Intellivue Mx400 Firmware | ||
| All of | ||
| Philips Intellivue Mx850 Firmware | ||
| Philips Intellivue Mx850 Firmware | ||
| All of | ||
| Philips Intellivue X2 Firmware | ||
| Philips Intellivue X2 Firmware | =n | |
| All of | ||
| Philips Intellivue X3 Firmware | ||
| Philips Intellivue X3 Firmware | =n | |
| All of | ||
| Philips Intellivue MP Monitors MX800/700/600 Firmware | ||
| Philips Intellivue Mx800 Firmware | ||
| All of | ||
| Philips Intellivue Mx750 Firmware | ||
| Philips Intellivue Mx750 Firmware | ||
| All of | ||
| Philips Intellivue MP Monitors MX800/700/600 Firmware | ||
| Philips Intellivue MP Monitors MX800/700/600 Firmware | ||
| All of | ||
| Philips Intellivue MP Monitors MX800/700/600 Firmware | ||
| Philips Intellivue Mx600 Firmware | ||
| All of | ||
| Philips Intellivue Mx550 | ||
| Philips Intellivue Mx550 Firmware |
Remedy
Philips released the following versions to remediate reported vulnerabilities: * IntelliVue Patient Monitors Versions N.00 and N.01 * IntelliVue Patient Monitors Version M.04: Contact a Philips service support team https://www.usa.philips.com/healthcare/solutions/customer-service-solutions for an upgrade path * Certificate revocation implementation of the IntelliVue Patient Monitors will be completed in Q3 of 2024.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-16216?
The severity of CVE-2020-16216 is medium, with a severity value of 6.5.
Which software versions are affected by CVE-2020-16216?
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior are affected by CVE-2020-16216.
What is the vulnerability description of CVE-2020-16216?
CVE-2020-16216 is a vulnerability in the Patient Information Center iX (PICiX) software, PerformanceBridge Focal Point software, and IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90, as well as IntelliVue X3 and X2, that allows the product to receive input or data without proper validation or incorporation.
How can I fix CVE-2020-16216?
To fix CVE-2020-16216, it is recommended to apply the necessary security patches or updates provided by Philips, the vendor of the affected software and devices.
Where can I find more information about CVE-2020-16216?
You can find more information about CVE-2020-16216 on the US-CERT website at https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/philips
- canonical/philips patient information center ix
- version/philips patient information center ix/b.02
- version/philips patient information center ix/c.02
- version/philips patient information center ix/c.03
- canonical/philips performancebridge focal point
- version/philips performancebridge focal point/a.01
- canonical/philips intellivue np90 firmware
- canonical/philips intellivue mp2-mp90 firmware
- version/philips intellivue mp2-mp90 firmware/n
- canonical/philips intellivue mx100 firmware
- canonical/philips intellivue mx400 firmware
- canonical/philips intellivue mx850 firmware
- canonical/philips intellivue x2 firmware
- version/philips intellivue x2 firmware/n
- canonical/philips intellivue x3 firmware
- version/philips intellivue x3 firmware/n
- canonical/philips intellivue mp monitors mx800/700/600 firmware
- canonical/philips intellivue mx800 firmware
- canonical/philips intellivue mx750 firmware
- canonical/philips intellivue mx600 firmware
- canonical/philips intellivue mx550
- canonical/philips intellivue mx550 firmware