CVE-2023-52952

Summary

A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
SiemensHiMed Cockpit 12 proV11.5.1 < V11.6.2affected
SiemensHiMed Cockpit 14 pro+V11.5.1 < V11.6.2affected
SiemensHiMed Cockpit 18 proV11.5.1 < V11.6.2affected
SiemensHiMed Cockpit 18 pro+V11.5.1 < V11.6.2affected

Weaknesses

  • CWE-424: CWE-424: Improper Protection of Alternate Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References