{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Clinical Collaboration Platform", "vendor": "Philips", "versions": [{"lessThan": "12.2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\n\nexposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.\n\n</p>"}], "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\n\nexposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-16", "description": "CWE-16", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-06-04T21:24:46.327Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}, {"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><p>\nPhilips Clinical Collaboration Platform Version 12.2.5 was released in May 2020 to remediate CVE-2020-16247.</p>\n\n<p></p><p>Users with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support, or regional service support</a>, or call 1-877-328-2808, option 4.</p><p>The Philips advisory and the latest security information for Philips products are available at the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\">Philips product security website</a>.\n\n<br></p>"}], "value": "Philips Clinical Collaboration Platform Version 12.2.5 was released in May 2020 to remediate CVE-2020-16247.\n\n\n\n\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."}], "source": {"advisory": "ICSMA-20-261-01", "discovery": "EXTERNAL"}, "title": "Philips Clinical Collaboration Platform Configuration", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14506", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips Clinical Collaboration Platform", "version": {"version_data": [{"version_value": "Versions 12.2.1 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:37:54.157Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16247", "datePublished": "2020-09-18T17:55:24", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2025-06-04T21:24:46.327Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:clinical_collaboration_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "53A1D5DF-AD61-4A42-8021-C0FFBCB98144", "versionEndIncluding": "12.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\n\nexposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource."}, {"lang": "es", "value": "Philips Clinical Collaboration Platform, versiones 12.2.1 y anteriores.&#xa0;El producto expone un recurso a la esfera de control incorrecta, proporcionando a los actores no deseados un acceso inapropiado al recurso"}], "id": "CVE-2020-16247", "lastModified": "2025-06-04T22:15:24.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-18T18:15:17.113", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}