Unauthenticated Escape Vulnerability in HiMed Cockpit

CVE-2023-52952
8.5 HIGH

Key Information

Vendor: Siemens
Status
HiMed Cockpit 12 pro
HiMed Cockpit 14 pro+
HiMed Cockpit 18 pro
HiMed Cockpit 18 pro+
CVE Published: 8 October 2024

Summary

A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.

Affected Version(s)

HiMed Cockpit 12 pro < V11.5.1

HiMed Cockpit 14 pro+ < V11.5.1

HiMed Cockpit 18 pro < V11.5.1

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database
Mitre Database