Improper Check for Certificate Revocation

CVE-2020-16228

Medium

6.4/10

Summary

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-299 - Improper Check for Certificate Revocation

The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

References

Advisory Timeline

Published Sep 11, 2020

Improper Check for Certificate Revocation

CVE-2020-16228

Summary

CWE-299 - Improper Check for Certificate Revocation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS