Siemens reports a critical vulnerability in HiMed Cockpit
Take action: This one is easy decision - it's a Kiosk device, accessible in hallways to unauthorized users so it should always be secure. You can't monitor everything a random person does on a kiosk. Time to engage your team and update the HiMed Cockpit software.
Learn More
Siemens reports a critical vulnerability in its HiMed Cockpit product that allows attackers to escape the restricted desktop environment (Kiosk Mode) and gain access to the underlying operating system.
Siemens HiMed Cockpit, is a multimedia kiosk terminal used in healthcare environments,
The flaw is tracked as CVE-2023-52952 (CVSS score 9.3) - allows an unauthenticated local attacker to escape the restricted desktop environment in Kiosk Mode and gain access to the underlying operating system. Successful exploitation could lead to unauthorized full access to the operating systemand the potential for further system compromise, including loss of confidentiality, integrity, and availability. Attackers could cause significant harm, such as system crashes or unauthorized modifications.
The following versions are affected:
- HiMed Cockpit 12 pro (J31032-K2017-H259): Versions V11.5.1 up to, but not including, V11.6.2.
- HiMed Cockpit 14 pro+ (J31032-K2017-H435): Versions V11.5.1 up to, but not including, V11.6.2.
- HiMed Cockpit 18 pro (J31032-K2017-H260): Versions V11.5.1 up to, but not including, V11.6.2.
- HiMed Cockpit 18 pro+ (J31032-K2017-H436): Versions V11.5.1 up to, but not including, V11.6.2.
Siemens has released updates to address this vulnerability, and the affected products should be updated to the following versions or later:
- HiMed Cockpit 12 pro: Update to V11.6.2 or later.
- HiMed Cockpit 14 pro+: Update to V11.6.2 or later.
- HiMed Cockpit 18 pro: Update to V11.6.2 or later.
- HiMed Cockpit 18 pro+: Update to V11.6.2 or later.
