Sign-up

ID

VAR-202008-0371


CVE

CVE-2020-16237


TITLE

Philips Made SureSigns VS4 Multiple vulnerabilities in

Trust: 1.6

sources: JVNDB: JVNDB-2020-007707 // JVNDB: JVNDB-2020-007707

DESCRIPTION

Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. SureSings VS4 Is Philips It is a device provided by the company that monitors the vital signs of patients. SureSings VS4 The following multiple vulnerabilities exist in. ‥ * Improper input confirmation (CWE-20) - CVE-2020-16237 ‥ * Inappropriate access control (CWE-284) - CVE-2020-16241 ‥ * Inappropriate authentication (CWE-287) - CVE-2020-16239Third parties may have access to administrator operations and system settings, which could result in device settings being modified and patient data sent out. SureSings VS4 Is Philips It is a device provided by the company that monitors the vital signs of patients. SureSings VS4 The following multiple vulnerabilities exist in. ‥ * Improper input confirmation (CWE-20) - CVE-2020-16237 ‥ * Inappropriate access control (CWE-284) - CVE-2020-16241 ‥ * Inappropriate authentication (CWE-287) - CVE-2020-16239Third parties may have access to administrator operations and system settings, which could result in device settings being modified and patient data sent out. No detailed vulnerability details are currently provided

Trust: 2.88

sources: NVD: CVE-2020-16237 // JVNDB: JVNDB-2020-007707 // JVNDB: JVNDB-2020-007707 // CNVD: CNVD-2020-49569

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-49569

AFFECTED PRODUCTS

vendor:philipsmodel:suresigns vs4scope:eqversion:a.07.107

Trust: 1.6

vendor:philipsmodel:suresigns vs4scope:lteversion:a.07.107

Trust: 1.0

vendor:philipsmodel:suresigns vs4 <=a.07.107scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-49569 // JVNDB: JVNDB-2020-007707 // JVNDB: JVNDB-2020-007707 // NVD: CVE-2020-16237

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-007707
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2020-16237
value: LOW

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2020-16237
value: LOW

Trust: 1.0

NVD: JVNDB-2020-007707
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-49569
value: LOW

Trust: 0.6

CNNVD: CNNVD-202008-1026
value: LOW

Trust: 0.6

NVD: JVNDB-2020-007707
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.4

nvd@nist.gov: CVE-2020-16237
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-49569
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-16237
baseSeverity: LOW
baseScore: 2.1
vectorString: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 0.7
impactScore: 1.4
version: 3.1

Trust: 2.0

IPA: JVNDB-2020-007707
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: 3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2020-007707
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: 3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-49569 // JVNDB: JVNDB-2020-007707 // JVNDB: JVNDB-2020-007707 // JVNDB: JVNDB-2020-007707 // CNNVD: CNNVD-202008-1026 // NVD: CVE-2020-16237 // NVD: CVE-2020-16237

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2020-16237

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-1026

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007707

PATCH
title:Product Securityurl:https://www.usa.philips.com/healthcare/about/customer-support/product-security
Trust: 1.6
sources:
            
            
            JVNDB: JVNDB-2020-007707 // 
            
            
            
            JVNDB: JVNDB-2020-007707

EXTERNAL IDS
db:ICS CERTid:ICSMA-20-233-01
Trust: 3.8
db:NVDid:CVE-2020-16237
Trust: 3.8
db:JVNid:JVNVU96372881
Trust: 1.6
db:JVNDBid:JVNDB-2020-007707
Trust: 1.6
db:CNVDid:CNVD-2020-49569
Trust: 0.6
db:NSFOCUSid:48556
Trust: 0.6
db:AUSCERTid:ESB-2020.2874
Trust: 0.6
db:CNNVDid:CNNVD-202008-1026
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-49569 // 
            
            
            
            JVNDB: JVNDB-2020-007707 // 
            
            
            
            JVNDB: JVNDB-2020-007707 // 
            
            
            
            CNNVD: CNNVD-202008-1026 // 
            
            
            
            NVD: CVE-2020-16237

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01
Trust: 4.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16241
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16237
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16239
Trust: 1.6
url:https://jvn.jp/vu/jvnvu96372881/
Trust: 1.6
url:https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive
Trust: 1.0
url:https://www.auscert.org.au/bulletins/esb-2020.2874/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48556
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-16237
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-49569 // 
            
            
            
            JVNDB: JVNDB-2020-007707 // 
            
            
            
            JVNDB: JVNDB-2020-007707 // 
            
            
            
            CNNVD: CNNVD-202008-1026 // 
            
            
            
            NVD: CVE-2020-16237

SOURCES
db:CNVDid:CNVD-2020-49569
db:JVNDBid:JVNDB-2020-007707
db:JVNDBid:JVNDB-2020-007707
db:CNNVDid:CNNVD-202008-1026
db:NVDid:CVE-2020-16237

LAST UPDATE DATE
2025-06-05T23:16:18.326000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-49569date:2020-08-31T00:00:00
db:JVNDBid:JVNDB-2020-007707date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2020-007707date:2020-08-24T00:00:00
db:CNNVDid:CNNVD-202008-1026date:2021-01-05T00:00:00
db:NVDid:CVE-2020-16237date:2025-06-04T22:15:23.847

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-49569date:2020-08-31T00:00:00
db:JVNDBid:JVNDB-2020-007707date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2020-007707date:2020-08-24T00:00:00
db:CNNVDid:CNNVD-202008-1026date:2020-08-20T00:00:00
db:NVDid:CVE-2020-16237date:2020-08-21T13:15:13.600