Unauthenticated Escape Vulnerability in HiMed Cockpit
CVE-2023-52952
8.5 HIGH
Key Information
- Vendor: Siemens
- Status
- Himed Cockpit 12 Pro
- Himed Cockpit 14 Pro+
- Himed Cockpit 18 Pro
- Himed Cockpit 18 Pro+
- Vendor
- CVE Published: 8 October 2024
Summary
A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.
Affected Version(s)
HiMed Cockpit 12 pro < V11.5.1
HiMed Cockpit 14 pro+ < V11.5.1
HiMed Cockpit 18 pro < V11.5.1
CVSS V3.1
Score: 8.5
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database