Description
A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-540493.html
Scores
CVSS v3
8.5
EPSS
0.0007
EPSS Percentile
21.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-424
Status
published
Products (4)
Siemens/HiMed Cockpit 12 pro
V11.5.1 - V11.6.2
Siemens/HiMed Cockpit 14 pro+
V11.5.1 - V11.6.2
Siemens/HiMed Cockpit 18 pro
V11.5.1 - V11.6.2
Siemens/HiMed Cockpit 18 pro+
V11.5.1 - V11.6.2
Published
Oct 08, 2024
Tracked Since
Feb 18, 2026