CVE-2020-10598


In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.


Published

2020-04-01T21:15:13.880

Last Modified

2024-11-21T04:55:40.320

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

4.9

Weaknesses
  • Type: Secondary
    CWE-693
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | bd | pyxis_medstation_es_firmware | 1.6.1 | Yes |
| Hardware | bd | pyxis_medstation_es | - | No |
| Operating System | bd | pyxis_anesthesia_station_es_firmware | 1.6.1 | Yes |
| Hardware | bd | pyxis_anesthesia_station_es | - | No |