Main Vulnerability Database SB2020040205

SB2020040205 - Multiple vulnerabilities in BD Pyxis MedStation ES System and Pyxis Anesthesia (PAS) ES System

Published: April 2, 2020

Security Bulletin ID SB2020040205

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Protection Mechanism Failure (CVE-ID: CVE-2020-10598)

The vulnerability allows a local attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the "kiosk mode" functionality. An attacker with physical access can use a specially crafted input, bypass implemented security restrictions and view and/or modify sensitive data.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.us-cert.gov/ics/advisories/icsma-20-091-01
https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/bd-pyxis-medstation-and-anesthesia-(pas)-es-system-kiosk-mode-escape