CVE-2020-16212

CVE-2020-16212: Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere

Vendor Philips
Product Patient Information Center iX (PICiX)
Weakness CWE-668
Published September 11, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.

Key dates

02Disclosure timeline

September 11, 2020 CVE published
August 4, 2024 Record updated