CVE-2020-7590

Published: Oct 13, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and or modify the onboard database. Successful exploitation requires direct physical access to the device.

Affected (1)

Products: Siemens: Dca Vantage Analyzer Firmware

1 product

Dca Vantage Analyzer Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Dca Vantage Analyzer Firmware	Before 4.5.0.0

Running on/with	Platform Versions
Siemens Dca Vantage Analyzer	All versions

Related CWEs

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References (2)

https://www.siemens-healthineers.com/support-documentation/security-advisory

Source: productcert@siemens.com

Vendor Advisory

https://www.siemens-healthineers.com/support-documentation/security-advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.