Risk | Low |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-10598 |
CWE-ID | CWE-693 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Pyxis Anesthesia (PAS) ES (Hardware solutions / Medical equipment), Pyxis MedStation ES System (Hardware solutions / Medical equipment) |
Vendor | Becton, Dickinson and Company (BD) |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU26529
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-10598
CWE-ID: CWE-693 - Protection Mechanism Failure
Exploit availability: No
Description
The vulnerability allows a local attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in the "kiosk mode" functionality. An attacker with physical access can supply specially crafted input to bypass the implemented security restrictions and view and/or modify sensitive data.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Pyxis Anesthesia (PAS) ES: 1.6.1
Pyxis MedStation ES System: 1.6.1
External links
http://www.us-cert.gov/ics/advisories/icsma-20-091-01
http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/bd-pyxis-medstation-and-anesthesia-(pas)-es-system-kiosk-mode-escape
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.