CVE-2020-10598

MEDIUM

BD Pyxis MedStation ES <1.6.1 - Privilege Escalation

Title source: llm
STIX 2.1

Description

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-20-091-01

Scores

CVSS v3 6.1
EPSS 0.0033
EPSS Percentile 25.1%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-693
Status published
Products (2)
bd/pyxis_anesthesia_station_es_firmware 1.6.1
bd/pyxis_medstation_es_firmware 1.6.1
Published Apr 01, 2020
Tracked Since Feb 18, 2026