Vulnerability Identified in BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System
Becton, Dickinson and Company (BD) has identified a medium severity vulnerability in version 1.6.1 of the BD Pyxis MedStation medication dispensing system and the Pyxis Anesthesia (PAS) ES System of its anesthesia carts. If exploited, the vulnerability would allow an attacker to gain access to sensitive data.
BD devices run their user interface in a restricted configuration known as kiosk mode, in which the actions a user can perform are limited. The vulnerability is a protection mechanism failure (CWE-693) that could allow an attacker to escape the restricted desktop environment, at which point sensitive data could be accessed and altered.
The vulnerability requires only a low level of skill to exploit, but exploitation requires physical access to a vulnerable device. BD has performed a risk evaluation and determined that the risk of exploitation is low. The vulnerability has been assigned a CVSS v3 base score of 6.8 out of 10.
BD is proactive in assessing its products to identify security vulnerabilities. The company operates with transparency and communicates security issues to customers in a timely fashion so that they can take steps to manage risk effectively. While the vulnerability could potentially result in information disclosure, customers have been advised, given the low risk of exploitation, not to discontinue use, as the benefits of using the devices far outweigh the risk.
BD is in the process of deploying an update for the affected products which will strengthen kiosk mode and make it harder for currently known methods of kiosk escape to be used. Until the update is applied to vulnerable devices, BD has offered mitigations that will limit exploitation. Hospitals using the affected devices should limit physical access to the devices to authorized personnel, impacted systems should be isolated and only connected to trusted systems, and the devices should be monitored for unplanned reboots using network monitoring tools.
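The last mitigation above, monitoring the devices for unplanned reboots, as an added defender-side example that is not from BD or this article: it detects reboots from periodic uptime polls (the kind a network monitoring tool collects via SNMP sysUpTime) and flags any that fall outside a declared maintenance window. The host names, poll data and windows are constructed sample values.

```python
from datetime import datetime, timedelta

# Constructed sample of uptime polls (host, poll time, uptime in seconds),
# e.g. SNMP sysUpTime converted to seconds. Hypothetical hosts, not real logs.
SAMPLE_POLLS = [
    ("pyxis-01", "2024-03-01T01:00:00", 90000),
    ("pyxis-01", "2024-03-01T02:00:00", 93600),
    ("pyxis-01", "2024-03-01T03:00:00", 1200),   # reset: booted ~02:40, no window
    ("pyxis-02", "2024-03-01T01:00:00", 5000),
    ("pyxis-02", "2024-03-01T02:00:00", 600),    # reset: booted ~01:50, in window
    ("pyxis-02", "2024-03-01T03:00:00", 4200),
]

# Constructed maintenance windows; reboots inside them are considered planned.
MAINTENANCE_WINDOWS = {
    "pyxis-02": [("2024-03-01T01:30:00", "2024-03-01T02:00:00")],
}

def _ts(s):
    return datetime.fromisoformat(s)

def in_window(host, when, windows):
    """True if 'when' lies inside any maintenance window declared for host."""
    return any(_ts(a) <= when <= _ts(b) for a, b in windows.get(host, []))

def detect_reboots(polls, windows):
    """Return (host, estimated boot time, planned) for every uptime reset.

    A reset is an uptime value lower than the previous poll's for the same
    host; the boot time is estimated as poll time minus the new uptime.
    (A 32-bit sysUpTime counter also wraps after ~497 days; that is rare
    enough here to treat like a reboot and review by hand.)
    """
    last, events = {}, []
    for host, when_s, uptime in sorted(polls, key=lambda p: (p[0], p[1])):
        when = _ts(when_s)
        prev = last.get(host)
        if prev is not None and uptime < prev:
            boot = when - timedelta(seconds=uptime)
            events.append((host, boot, in_window(host, boot, windows)))
        last[host] = uptime
    return events

def unplanned_reboots(polls, windows):
    """Only the reboots that no maintenance window explains."""
    return [(h, t) for h, t, planned in detect_reboots(polls, windows) if not planned]

if __name__ == "__main__":
    for host, boot in unplanned_reboots(SAMPLE_POLLS, MAINTENANCE_WINDOWS):
        print(f"ALERT unplanned reboot of {host} at about {boot.isoformat()}")
```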