CVE-2020-10598

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.
References
Link Resource
https://www.us-cert.gov/ics/advisories/icsma-20-091-01 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-20-091-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bd:pyxis_medstation_es_firmware:1.6.1:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:1.6.1:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsma-20-091-01 - Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsma-20-091-01 - Third Party Advisory, US Government Resource

14 Sep 2021, 13:35

Type Values Removed Values Added
CWE CWE-200 NVD-CWE-Other

Information

Published : 2020-04-01 21:15

Updated : 2024-11-21 04:55


NVD link : CVE-2020-10598

Mitre link : CVE-2020-10598

CVE.ORG link : CVE-2020-10598


JSON object : View

Products Affected

bd

  • pyxis_anesthesia_station_es_firmware
  • pyxis_medstation_es_firmware
  • pyxis_medstation_es
  • pyxis_anesthesia_station_es
CWE
CWE-693

Protection Mechanism Failure

NVD-CWE-Other