CVE-2020-16198 Information

Description

Philips Clinical Collaboration Platform Versions 12.2.1 and prior. When an attacker claims to have a given identity the software does not prove or insufficiently proves the claim is correct.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

6.3