PT-2020-14811 · Philips · Patient Information Center Ix

Published 2020-09-11 · Updated 2023-12-12 · CVE-2020-16212

CVSS v3.1

6.8 Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Patient Information Center iX (PICiX) versions B.02, C.02, C.03

Description

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.

Recommendations

For versions B.02, C.02, C.03, consider restricting access to the resource and implementing additional security measures to prevent local breakouts and unauthorized access. As a temporary workaround, consider disabling the kiosk mode on the surveillance station until a patch is available. Restrict physical access to the surveillance station to minimize the risk of exploitation.

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2020-16212

Affected Products

Patient Information Center Ix