Sign-up

ID

VAR-202008-0372


CVE

CVE-2020-16239


TITLE

Philips SureSigns VS4 authorization issue vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-49567

DESCRIPTION

When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct. Philips SureSigns VS4 is a vital signs monitor for monitoring the physiological parameters of patients. Philips SureSigns VS4 A.07.107 and earlier versions have an authorization issue vulnerability. The vulnerability stems from the product's failure to correctly verify the user's alleged identity. There is currently no detailed vulnerability details provided

Trust: 1.44

sources: NVD: CVE-2020-16239 // CNVD: CNVD-2020-49567

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-49567

AFFECTED PRODUCTS

vendor:philipsmodel:suresigns vs4scope:lteversion:a.07.107

Trust: 1.0

vendor:philipsmodel:suresigns vs4 <=a.07.107scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-49567 // NVD: CVE-2020-16239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-16239
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2020-16239
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2020-49567
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202008-1019
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-16239
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-49567
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-16239
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2020-49567 // CNNVD: CNNVD-202008-1019 // NVD: CVE-2020-16239 // NVD: CVE-2020-16239

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

sources: NVD: CVE-2020-16239

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1019

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202008-1019

EXTERNAL IDS

db:NVDid:CVE-2020-16239

Trust: 2.2

db:ICS CERTid:ICSMA-20-233-01

Trust: 2.2

db:CNVDid:CNVD-2020-49567

Trust: 0.6

db:AUSCERTid:ESB-2020.2874

Trust: 0.6

db:CNNVDid:CNNVD-202008-1019

Trust: 0.6

sources: CNVD: CNVD-2020-49567 // CNNVD: CNNVD-202008-1019 // NVD: CVE-2020-16239

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01

Trust: 2.8

url:https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2020.2874/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-16239

Trust: 0.6

sources: CNVD: CNVD-2020-49567 // CNNVD: CNNVD-202008-1019 // NVD: CVE-2020-16239

SOURCES

db:CNVDid:CNVD-2020-49567
db:CNNVDid:CNNVD-202008-1019
db:NVDid:CVE-2020-16239

LAST UPDATE DATE

2025-06-05T23:16:18.384000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-49567date:2020-08-31T00:00:00
db:CNNVDid:CNNVD-202008-1019date:2021-01-05T00:00:00
db:NVDid:CVE-2020-16239date:2025-06-04T22:15:24.027

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-49567date:2020-08-31T00:00:00
db:CNNVDid:CNNVD-202008-1019date:2020-08-20T00:00:00
db:NVDid:CVE-2020-16239date:2020-08-21T13:15:13.787