Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7590

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and or modify the onboard database. Successful exploitation requires direct physical access to the device.

Published

2020-10-13T16:15:21.780

Last Modified

2024-11-21T05:37:25.887

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-259

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	dca_vantage_analyzer_firmware	< 4.5.0.0	Yes
Hardware	siemens	dca_vantage_analyzer	-	No

References

https://www.siemens-healthineers.com/support-documentation/security-advisory Vendor Advisory ([email protected])
https://www.siemens-healthineers.com/support-documentation/security-advisory Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)