ICSMA-20-091-01  ·  Published 2020-03-31

BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System

CVSS 6.8 MEDIUM

Risk Summary

The affected BD medical devices utilize a method of software application implementation called kiosk mode. This kiosk mode is vulnerable to local breakouts, which could allow an attacker with physical access to bypass kiosk mode and view and/or modify sensitive data.

CVEs (1)

Remediations

  • BD recommends the following mitigations and compensating controls in order to reduce risk associated with this vulnerability:
  • Additionally, BD is in the process of deploying a security update that strengthens kiosk mode to limit currently known methods of kiosk escape in Pyxis MedStation and Pyxis Anesthesia (PAS) ES System Version 1.6.1. Access to tools for viewing or manipulating local resources will be restricted.
  • For more information on this issue, please see the associated BD product security bulletin on the BD website.

Affected Vendors

Becton, Dickinson and Company (BD)

Affected Products (2)

Becton, Dickinson and Company (BD) · Pyxis Anesthesia (PAS) ES System 1.6.1
Becton, Dickinson and Company (BD) · Pyxis MedStation ES System 1.6.1

Affected Sectors

Healthcare and Public Health
