Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15797

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system.

Published

2020-10-13T16:15:21.280

Last Modified

2024-11-21T05:06:12.010

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	dca_vantage_analyzer_firmware	< 4.5.0.0	Yes
Hardware	siemens	dca_vantage_analyzer	-	No

References

https://www.siemens-healthineers.com/support-documentation/security-advisory Vendor Advisory ([email protected])
https://www.siemens-healthineers.com/support-documentation/security-advisory Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)