CVE-2020-10598
In short
BD Pyxis medical devices running version 1.6.1 have a security flaw that allows users to break out of the restricted kiosk mode by sending specially crafted inputs, potentially exposing sensitive patient data and system information.
Technical detail
A restricted desktop environment escape vulnerability exists in the kiosk mode of BD Pyxis MedStation ES and Pyxis Anesthesia ES v1.6.1, where an authenticated local user can exploit specially crafted inputs to bypass confinement controls and gain unauthorized access to sensitive data on the device.
Summary generated and translated by AI from the official description.
In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.
Affected products
Becton, Dickinson and Company (BD) · Pyxis Anesthesia (PAS) ES System
Becton, Dickinson and Company (BD) · Pyxis MedStation ES System