Vulnerabilities > CVE-2020-10598 - Unspecified vulnerability in BD products

CVSS 6.1 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

low complexity

NVD

Published: 2020-04-01

Updated: 2021-09-14

Summary

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.

Vulnerable Configurations

Part	Description	Count
OS	Bd BD Pyxis Medstation ES Firmware 1.6.1 BD Pyxis Anesthesia Station ES Firmware 1.6.1	2
Hardware	Bd BD Pyxis Medstation ES - BD Pyxis Anesthesia Station ES -	2

References

https://www.us-cert.gov/ics/advisories/icsma-20-091-01