ID
CVE
TITLE
Philips Made Clinical Collaboration Platform Multiple vulnerabilities in
sources:
JVNDB: JVNDB-2020-008764
DESCRIPTION
When an attacker claims to have a given identity,
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
does not prove or insufficiently proves the claim is correct. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. No detailed vulnerability details are currently provided
sources:
NVD: CVE-2020-16198 //
JVNDB: JVNDB-2020-008764 //
CNVD: CNVD-2020-52881 //
VULHUB: VHN-169252
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | |
sources:
CNVD: CNVD-2020-52881
AFFECTED PRODUCTS
| vendor: | philips | model: | clinical collaboration platform | scope: | lte | version: | 12.2.1 | |
| vendor: | philips | model: | clinical collaboration platform | scope: | eq | version: | 12.2.1 | |
| vendor: | philips | model: | clinical collaboration platform | scope: | lte | version: | <=12.2.1 | |
sources:
CNVD: CNVD-2020-52881 //
JVNDB: JVNDB-2020-008764 //
NVD: CVE-2020-16198
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| IPA: | JVNDB-2020-008764 | |
|
| value: | MEDIUM | | | IPA: | JVNDB-2020-008764 | |
|
| value: | LOW | | | nvd@nist.gov: | CVE-2020-16198 | |
|
| value: | MEDIUM | | | ics-cert@hq.dhs.gov: | CVE-2020-16198 | |
|
| value: | MEDIUM | | | CNVD: | CNVD-2020-52881 | |
|
| value: | MEDIUM | | | VULHUB: | VHN-169252 | |
|
| value: | MEDIUM | |
| | nvd@nist.gov: | CVE-2020-16198 | |
|
| severity: | MEDIUM | | baseScore: | 5.8 | | vectorString: | AV:A/AC:L/AU:N/C:P/I:P/A:P | | accessVector: | ADJACENT_NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 6.5 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | CNVD: | CNVD-2020-52881 | |
|
| severity: | MEDIUM | | baseScore: | 6.8 | | vectorString: | AV:A/AC:H/AU:N/C:C/I:C/A:C | | accessVector: | ADJACENT_NETWORK | | accessComplexity: | HIGH | | authentication: | NONE | | confidentialityImpact: | COMPLETE | | integrityImpact: | COMPLETE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | 3.2 | | impactScore: | 10.0 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | VULHUB: | VHN-169252 | |
|
| severity: | MEDIUM | | baseScore: | 5.8 | | vectorString: | AV:A/AC:L/AU:N/C:P/I:P/A:P | | accessVector: | ADJACENT_NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 6.5 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | nvd@nist.gov: | CVE-2020-16198 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 6.3 | | vectorString: | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | | attackVector: | ADJACENT | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | LOW | | exploitabilityScore: | 2.8 | | impactScore: | 3.4 | | version: | 3.1 | | | ics-cert@hq.dhs.gov: | CVE-2020-16198 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 5.0 | | vectorString: | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | | attackVector: | ADJACENT | | attackComplexity: | HIGH | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | LOW | | exploitabilityScore: | 1.6 | | impactScore: | 3.4 | | version: | 3.1 | | | IPA score: | JVNDB-2020-008764 | |
|
| baseSeverity: | LOW | | baseScore: | 3.4 | | vectorString: | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N | | attackVector: | LOCAL | | attackComplexity: | LOW | | privilegesRequired: | HIGH | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | NONE | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | | | IPA score: | JVNDB-2020-008764 | |
|
| baseSeverity: | LOW | | baseScore: | 3.5 | | vectorString: | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | | attackVector: | ADJACENT NETWORK | | attackComplexity: | LOW | | privilegesRequired: | LOW | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | NONE | | availabilityImpact: | NONE | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | | | IPA score: | JVNDB-2020-008764 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 5.0 | | vectorString: | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | | attackVector: | ADJACENT NETWORK | | attackComplexity: | HIGH | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | LOW | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | | | IPA score: | JVNDB-2020-008764 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 6.5 | | vectorString: | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | | attackVector: | ADJACENT NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | | | IPA score: | JVNDB-2020-008764 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 6.8 | | vectorString: | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | | attackVector: | LOCAL | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | LOW | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
CNVD: CNVD-2020-52881 //
VULHUB: VHN-169252 //
JVNDB: JVNDB-2020-008764 //
JVNDB: JVNDB-2020-008764 //
JVNDB: JVNDB-2020-008764 //
JVNDB: JVNDB-2020-008764 //
JVNDB: JVNDB-2020-008764 //
NVD: CVE-2020-16198 //
NVD: CVE-2020-16198
PROBLEMTYPE DATA
sources:
VULHUB: VHN-169252 //
NVD: CVE-2020-16198
CONFIGURATIONS
sources:
JVNDB: JVNDB-2020-008764
PATCH
| title: | Product Security | url: | https://www.usa.philips.com/healthcare/about/customer-support/product-security | |
| title: | Patch for Philips Clinical Collaboration Platform protection mechanism failure vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/234889 | |
sources:
CNVD: CNVD-2020-52881 //
JVNDB: JVNDB-2020-008764
EXTERNAL IDS
| db: | ICS CERT | id: | ICSMA-20-261-01 | |
| db: | NVD | id: | CVE-2020-16198 | |
| db: | JVN | id: | JVNVU94803567 | |
| db: | JVNDB | id: | JVNDB-2020-008764 | |
| db: | CNVD | id: | CNVD-2020-52881 | |
| db: | VULHUB | id: | VHN-169252 | |
sources:
CNVD: CNVD-2020-52881 //
VULHUB: VHN-169252 //
JVNDB: JVNDB-2020-008764 //
NVD: CVE-2020-16198
REFERENCES
| url: | https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01 | |
| url: | https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive | |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16200 | |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16247 | |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14506 | |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14525 | |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16198 | |
| url: | https://jvn.jp/vu/jvnvu94803567 | |
sources:
CNVD: CNVD-2020-52881 //
VULHUB: VHN-169252 //
JVNDB: JVNDB-2020-008764 //
NVD: CVE-2020-16198
SOURCES
| db: | CNVD | id: | CNVD-2020-52881 |
| db: | VULHUB | id: | VHN-169252 |
| db: | JVNDB | id: | JVNDB-2020-008764 |
| db: | NVD | id: | CVE-2020-16198 |
LAST UPDATE DATE
2025-06-05T23:07:39.577000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-52881 | date: | 2020-09-19T00:00:00 |
| db: | VULHUB | id: | VHN-169252 | date: | 2020-09-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-008764 | date: | 2020-09-24T00:00:00 |
| db: | NVD | id: | CVE-2020-16198 | date: | 2025-06-04T22:15:23.507 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-52881 | date: | 2020-09-19T00:00:00 |
| db: | VULHUB | id: | VHN-169252 | date: | 2020-09-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-008764 | date: | 2020-09-24T00:00:00 |
| db: | NVD | id: | CVE-2020-16198 | date: | 2020-09-18T18:15:16.957 |
