CVE-2020-7590

MEDIUM

DCA Vantage Analyzer <4.5 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and or modify the onboard database. Successful exploitation requires direct physical access to the device.

References (1)

[Vendor Advisory] https://www.siemens-healthineers.com/support-documentation/security-advisory

Scores

CVSS v3 6.8

EPSS 0.0013

EPSS Percentile 32.0%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-259

Status published

Products (1)

siemens/dca_vantage_analyzer_firmware < 4.5.0.0

Published Oct 13, 2020

Tracked Since Feb 18, 2026