CVE-2020-16241 - Vulnerability Details - OpenCVE

Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips	Suresigns Vs4 Suresigns Vs4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01
https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive

History

Wed, 04 Jun 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description	Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.	Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Title		Philips SureSigns VS4 Improper Access Control
References		https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive
Metrics	cvssV3_1 `{'score': 2.1, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}`	cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-08-21T12:15:31

Updated: 2025-06-04T21:34:45.706Z

Reserved: 2020-07-31T00:00:00

Link: CVE-2020-16241

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-21T13:15:13.880

Modified: 2025-06-04T22:15:24.187

Link: CVE-2020-16241

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SureSigns VS4", "vendor": "Philips", "versions": [{"lessThan": "A.07.107", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Cleveland Clinic reported these vulnerabilities to Philips."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips SureSigns VS4, A.07.107 and prior \ndoes not restrict or incorrectly restricts access to a resource from an unauthorized actor.\n\n</p>"}], "value": "Philips SureSigns VS4, A.07.107 and prior \ndoes not restrict or incorrectly restricts access to a resource from an unauthorized actor."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-06-04T21:34:45.706Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"}, {"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}], "source": {"advisory": "ICSMA-20-233-01", "discovery": "EXTERNAL"}, "title": "Philips SureSigns VS4 Improper Access Control", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.<br><br>\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support or regional service support</a> or call 1-800-722-9377.<br><br>\nPlease see the <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\">Philips advisory</a> for vulnerabilities discussed in this disclosure, and visit the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\">Philips product security website</a> for the latest security information for Philips products.\n\n<br>"}], "value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.\n\n\nUsers with questions regarding specific SureSigns VS4 patient monitor installations and upgrade options should contact Philips service support or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377.\n\n\nPlease see the Philips advisory http://www.philips.com/productsecurity for vulnerabilities discussed in this disclosure, and visit the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-16237", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips SureSigns VS4", "version": {"version_data": [{"version_value": "A.07.107 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER INPUT VALIDATION CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:37:54.195Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16241", "datePublished": "2020-08-21T12:15:31", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2025-06-04T21:34:45.706Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD053F85-5CCB-4848-98A8-B35512CF69CB", "versionEndIncluding": "a.07.107", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EDE9FA8-A0BF-44DE-A4B0-BCEC98A93196", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Philips SureSigns VS4, A.07.107 and prior \ndoes not restrict or incorrectly restricts access to a resource from an unauthorized actor."}, {"lang": "es", "value": "Philips SureSigns versiones VS4, A.07.107 y anteriores. El software no restringe o restringe incorrectamente el acceso a un recurso desde un actor no autorizado."}], "id": "CVE-2020-16241", "lastModified": "2025-06-04T22:15:24.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.3, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-21T13:15:13.880", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}