Details of VAR-202008-1235

ID

VAR-202008-1235

CVE

CVE-2020-16241

TITLE

Philips SureSigns VS4 access control error vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-49568

DESCRIPTION

Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Philips SureSigns VS4 is a vital signs monitor for monitoring the physiological parameters of patients. Philips SureSigns VS4 A.07.107 and earlier versions have an access control error vulnerability. Attackers can use this vulnerability to gain unauthorized access to resources

Trust: 1.44

sources: NVD: CVE-2020-16241 // CNVD: CNVD-2020-49568

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-49568

AFFECTED PRODUCTS

vendor:	philips	model:	suresigns vs4	scope:	lte	version:	a.07.107	Trust: 1.0
vendor:	philips	model:	suresigns vs4 <=a.07.107	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-49568 // NVD: CVE-2020-16241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-16241
value:	LOW
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-16241
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2020-49568
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202008-1024
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2020-16241
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-49568
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-16241
baseSeverity:	LOW
baseScore:	2.1
vectorString:	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	0.7
impactScore:	1.4
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-16241
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
attackVector:	PHYSICAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.3
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2020-49568 // CNNVD: CNNVD-202008-1024 // NVD: CVE-2020-16241 // NVD: CVE-2020-16241

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0

sources: NVD: CVE-2020-16241

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202008-1024

EXTERNAL IDS

db:	ICS CERT	id:	ICSMA-20-233-01	Trust: 2.2
db:	NVD	id:	CVE-2020-16241	Trust: 2.2
db:	CNVD	id:	CNVD-2020-49568	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2874	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-1024	Trust: 0.6

sources: CNVD: CNVD-2020-49568 // CNNVD: CNNVD-202008-1024 // NVD: CVE-2020-16241

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01	Trust: 2.8
url:	https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive	Trust: 1.0
url:	https://www.auscert.org.au/bulletins/esb-2020.2874/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16241	Trust: 0.6

sources: CNVD: CNVD-2020-49568 // CNNVD: CNNVD-202008-1024 // NVD: CVE-2020-16241

SOURCES

db:	CNVD	id:	CNVD-2020-49568
db:	CNNVD	id:	CNNVD-202008-1024
db:	NVD	id:	CVE-2020-16241

LAST UPDATE DATE

2025-06-05T23:16:18.361000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-49568	date:	2020-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202008-1024	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-16241	date:	2025-06-04T22:15:24.187

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-49568	date:	2020-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202008-1024	date:	2020-08-20T00:00:00
db:	NVD	id:	CVE-2020-16241	date:	2020-08-21T13:15:13.880