Unauthenticated Escape Vulnerability in HiMed Cockpit

CVE-2023-52952

8.5HIGH

Key Information

Vendor
Siemens
Status
Himed Cockpit 12 Pro
Himed Cockpit 14 Pro+
Himed Cockpit 18 Pro
Himed Cockpit 18 Pro+
Vendor
CVE Published:
8 October 2024

Summary

A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.

Affected Version(s)

HiMed Cockpit 12 pro < V11.5.1

HiMed Cockpit 14 pro+ < V11.5.1

HiMed Cockpit 18 pro < V11.5.1

Refferences

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.