CVE-2020-15797
MEDIUMSiemens DCA Vantage Analyzer Firmware < 4.5.0.0 - Unauthenticated Privilege Escalation via Kiosk Mode Escape
Title source: llmDescription
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.siemens-healthineers.com/support-documentation/security-advisory
Scores
CVSS v3
6.8
EPSS
0.0028
EPSS Percentile
51.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
siemens/dca_vantage_analyzer_firmware
< 4.5.0.0
Published
Oct 13, 2020
Tracked Since
Feb 18, 2026