CVE-2020-16216

6.5 MEDIUM

📋 TL;DR

This vulnerability in Philips IntelliVue patient monitors allows attackers to cause denial-of-service through system restarts by sending malformed input that isn't properly validated. It affects multiple IntelliVue monitor models and X2/X3 versions, potentially disrupting critical patient monitoring in healthcare settings.

💻 Affected Systems

Products:
  • IntelliVue MX100
  • IntelliVue MX400-550
  • IntelliVue MX600
  • IntelliVue MX700
  • IntelliVue MX750
  • IntelliVue MX800
  • IntelliVue MX850
  • IntelliVue MP2-MP90
  • IntelliVue X2
  • IntelliVue X3
Versions: N and prior
Operating Systems: Embedded medical device OS
Default Config Vulnerable: ⚠️ Yes
Notes: All affected devices in default configuration are vulnerable. These are medical monitoring devices typically deployed in hospital environments.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical patient monitoring disruption during medical procedures, potentially leading to delayed clinical interventions if monitors restart unexpectedly.

🟠 Likely Case

Temporary monitoring interruption requiring manual restart of affected devices, causing workflow disruption for healthcare staff.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring, with quick recovery through device restart procedures.

🌐 Internet-Facing: LOW - These medical devices should never be directly internet-facing in proper healthcare network architecture.
🏢 Internal Only: MEDIUM - Risk exists within healthcare networks where attackers could gain internal access to medical device VLANs.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory suggests unauthenticated exploitation is possible via network input. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after N (contact Philips for specific version information)

Vendor Advisory: https://www.philips.com/productsecurity

Restart Required: Yes

Instructions:

1. Contact Philips Healthcare support for firmware updates.
2. Schedule a maintenance window for device updates.
3. Apply firmware updates following Philips documentation.
4. Verify device functionality post-update.
5. Document update completion.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate patient monitors on dedicated medical device VLANs with strict access controls.

Network Monitoring (applies to: all)

Implement network monitoring and intrusion detection for medical device networks.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate patient monitors from general hospital networks
  • Deploy network monitoring with alerting for unusual traffic patterns to/from medical devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via device menu: System Information > Software Version. Compare against Philips advisory.

Check Version:

Navigate device menu: Menu > System Information > Software Version (device-specific menu navigation)

Verify Fix Applied:

Verify firmware version is updated beyond version N via device System Information menu and confirm no unexpected restarts occur during monitoring.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device restarts
  • System log entries indicating abnormal input processing
  • Network connection drops followed by device reboots

Network Indicators:

  • Unusual network traffic patterns to medical device IPs
  • Multiple connection attempts to device ports
  • Malformed packets sent to patient monitor IP addresses

SIEM Query:

source="medical_device_logs" AND (event_type="unexpected_restart" OR event_type="system_reboot")
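As an added example (not from the advisory or from Philips), the following Python correlates two of the log indicators listed above: a network connection drop followed by a restart on the same monitor within a short window. The log format, hostnames, event names and sample lines are constructed assumptions; adapt the parser to the actual device or syslog export.

```python
# Added example (not from the advisory or Philips): correlate a network
# connection drop followed by a device restart on the same monitor, the
# pattern listed under Log Indicators, over a constructed log format.
import re
from datetime import datetime, timedelta

# Constructed sample lines; hostnames, field names and event vocabulary are
# assumptions, not a Philips log format.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z monitor-07 net: link up eth0
2024-03-01T10:02:15Z monitor-07 net: connection closed peer=10.0.5.9:24105 reason=parse_error
2024-03-01T10:02:19Z monitor-07 sys: unexpected_restart reason=watchdog
2024-03-01T10:03:00Z monitor-12 net: connection closed peer=10.0.5.2:24105 reason=idle_timeout
2024-03-01T10:20:00Z monitor-12 sys: system_reboot reason=scheduled_maintenance
2024-03-01T10:20:05Z monitor-07 sys: unexpected_restart reason=watchdog
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\w+): (.*)$")
RESTART_EVENTS = ("unexpected_restart", "system_reboot")

def parse(log):
    """Yield (timestamp, host, subsystem, message) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group(2), m.group(3), m.group(4)

def find_drop_then_reboot(log, window_s=60):
    """Return (host, drop_ts, reboot_ts) triples where a connection drop on a
    host is followed by a restart or reboot within window_s seconds."""
    last_drop = {}   # host -> timestamp of the most recent connection drop
    findings = []
    for ts, host, subsys, msg in parse(log):
        if subsys == "net" and msg.startswith("connection closed"):
            last_drop[host] = ts
        elif subsys == "sys" and msg.split()[0] in RESTART_EVENTS:
            drop = last_drop.get(host)
            if drop is not None and ts - drop <= timedelta(seconds=window_s):
                findings.append((host, drop, ts))
                del last_drop[host]  # one reboot per drop; avoid double counting
    return findings

if __name__ == "__main__":
    for host, drop, reboot in find_drop_then_reboot(SAMPLE_LOG):
        print(f"{host}: drop at {drop:%H:%M:%S} followed by reboot at {reboot:%H:%M:%S}")
```

A scheduled reboot long after an idle-timeout disconnect (monitor-12 in the sample) is deliberately not flagged at the default window, which keeps the alert focused on the restart-shortly-after-disconnect pattern.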
