Vulnerabilites related to Becton, Dickinson and Company (BD) - Pyxis MedStation ES System
CVE-2020-10598 (GCVE-0-2020-10598)
Vulnerability from cvelistv5
Published
2020-04-01 20:59
Modified
2024-08-04 11:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-693 - PROTECTION MECHANISM FAILURE
Summary
In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Becton, Dickinson and Company (BD) | Pyxis MedStation ES System |
Version: v1.6.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-091-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pyxis MedStation ES System",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"status": "affected",
"version": "v1.6.1"
}
]
},
{
"product": "Pyxis Anesthesia (PAS) ES System",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"status": "affected",
"version": "v1.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "PROTECTION MECHANISM FAILURE CWE-693",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T20:59:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-091-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pyxis MedStation ES System",
"version": {
"version_data": [
{
"version_value": "v1.6.1"
}
]
}
},
{
"product_name": "Pyxis Anesthesia (PAS) ES System",
"version": {
"version_data": [
{
"version_value": "v1.6.1"
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company (BD)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PROTECTION MECHANISM FAILURE CWE-693"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-091-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-091-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10598",
"datePublished": "2020-04-01T20:59:36",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}