CVE-2020-16237

Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

CVSS v3 2.1 LOW
CVSS v2.0 2.1 LOW

2.1^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.7 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01	Third Party Advisory US Government Resource
https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive
https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*

History

04 Jun 2025, 22:15

Type	Values Removed	Values Added
Summary	(en) Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.	(en) Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
References		() https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive -

Information

Published : 2020-08-21 13:15

Updated : 2025-06-04 22:15

NVD link : CVE-2020-16237

Mitre link : CVE-2020-16237

CVE.ORG link : CVE-2020-16237

JSON object : View

Products Affected

philips

suresigns_vs4
suresigns_vs4_firmware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2020-16237", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.1, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.1, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.7}]}, "published": "2020-08-21T13:15:13.600", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."}, {"lang": "es", "value": "Philips SureSigns versiones VS4, A.07.107 y anteriores. El producto recibe una entrada o datos, pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos segura y correctamente."}], "lastModified": "2025-06-04T22:15:23.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:philips:suresigns_vs4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD053F85-5CCB-4848-98A8-B35512CF69CB", "versionEndIncluding": "a.07.107"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:philips:suresigns_vs4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4EDE9FA8-A0BF-44DE-A4B0-BCEC98A93196"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}