CVE-2020-10598 - In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted de

CVE-2020-10598

Summary

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.

References

https://www.us-cert.gov/ics/advisories/icsma-20-091-01

Vulnerable Configurations

cpe:2.3:o:bd:pyxis_medstation_es_firmware:1.6.1:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_medstation_es_firmware:1.6.1:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:1.6.1:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:1.6.1:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*

CVSS

Base:	3.6 (as of 14-09-2021 - 13:35)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:N

refmap via4

misc

https://www.us-cert.gov/ics/advisories/icsma-20-091-01

Last major update

14-09-2021 - 13:35

Published

01-04-2020 - 21:15

Last modified

14-09-2021 - 13:35