Full Report
HiMed Cockpit devices before V11.6.2 contain a Kiosk Mode Escape vulnerability that could allow an attacker to escape the restricted environment and gain access to the underlying operating system. Siemens has released a new version for the HiMed Cockpit devices and recommends updating to the latest version.
Analysis Summary
# Vulnerability: HiMed Cockpit Kiosk Mode Escape
## CVE Details
- CVE ID: CVE-2023-52952
- CVSS Score: 8.5 (High) for CVSS v3.1; 9.3 (Critical) for CVSS v4.0
- CWE: CWE-424: Improper Protection of Alternate Path
## Affected Systems
- Products: HiMed Cockpit, HiMed Cockpit 12 pro (J31032-K2017-H259)
- Versions: All versions before V11.6.2 (the advisory specifically notes V11.5.1 up to, but not including, V11.6.2)
- Configurations: Affects the Kiosk Mode restricted environment.
## Vulnerability Description
The Kiosk Mode implemented on the affected HiMed Cockpit devices contains a vulnerability that allows an unauthenticated local attacker to escape the restricted desktop environment. Successful exploitation grants the attacker access to the underlying operating system.
## Exploitation
- Status: The advisory makes no explicit mention of exploitation in the wild, but the description implies the potential for active abuse, given that no privileges are required. (A PoC is assumed to be available or technically feasible, given the high CVSS score and local attack vector.)
- Complexity: Low (CVSS AV:L/AC:L)
- Attack Vector: Local (AV:L)
## Impact
- Confidentiality: Low (C:L)
- Integrity: Low (I:L)
- Availability: High (A:H)
## Remediation
### Patches
- Update to **V11.6.2 or later version**.
- Users should contact customer support to receive patch and update information.
### Workarounds
- Apply general security recommendations, including protecting network access to devices with appropriate mechanisms.
- Configure the operating environment according to Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Not explicitly detailed in the advisory, but unauthorized access or execution of processes outside the intended Kiosk Mode application environment should be investigated.
- **Detection Methods and Tools:** Monitoring system logs for unusual activity originating from the Kiosk environment or attempts to access OS-level functions.
## References
- Siemens Security Advisory SSA-540493: [https://cert-portal.siemens.com/productcert/html/ssa-540493.html](https://cert-portal.siemens.com/productcert/html/ssa-540493.html)