CVE-2020-15797

Published: Oct 13, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system.

Affected (1)

Products: Siemens: Dca Vantage Analyzer Firmware

1 product

Dca Vantage Analyzer Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Dca Vantage Analyzer Firmware	Before 4.5.0.0

Running on/with	Platform Versions
Siemens Dca Vantage Analyzer	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.siemens-healthineers.com/support-documentation/security-advisory

Source: productcert@siemens.com

Vendor Advisory

https://www.siemens-healthineers.com/support-documentation/security-advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.