CVE-2020-10598
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.
En BD Pyxis MedStation ES System versión v1.6.1 y Pyxis Anesthesia (PAS) ES System versión v1.6.1, presenta una vulnerabilidad de escape de entorno de escritorio restringido en la funcionalidad de kiosk mode de los dispositivos afectados. Unas entradas especialmente diseñadas pueden permitir al usuario escapar del entorno restringido, resultando en el acceso a datos confidenciales.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-16 CVE Reserved
- 2020-04-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-693: Protection Mechanism Failure
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-091-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bd Search vendor "Bd" | Pyxis Medstation Es Firmware Search vendor "Bd" for product "Pyxis Medstation Es Firmware" | 1.6.1 Search vendor "Bd" for product "Pyxis Medstation Es Firmware" and version "1.6.1" | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Medstation Es Search vendor "Bd" for product "Pyxis Medstation Es" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Anesthesia Station Es Firmware Search vendor "Bd" for product "Pyxis Anesthesia Station Es Firmware" | 1.6.1 Search vendor "Bd" for product "Pyxis Anesthesia Station Es Firmware" and version "1.6.1" | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Anesthesia Station Es Search vendor "Bd" for product "Pyxis Anesthesia Station Es" | - | - |
Safe
|