Description
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.
Published: 2026-06-01
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dräger Infinity Explorer C700 permits an attacker to escape the enforced kiosk mode by interacting with a particular dialog, allowing the attacker to gain full control over the underlying operating system. This flaw, classified as CWE-451, enables malicious actors to override patient information displayed by connected Delta Family patient monitors, potentially causing incorrect or absent data to be shown. The capability to take complete system control introduces substantial risk to patient safety and operational integrity.

Affected Systems

The affected product is Dräger Infinity Explorer C700. No additional version or component details are provided in the advisory; thus, all installations of this model are presumed vulnerable as described.

Risk and Exploitability

With a CVSS score of 8.6 the vulnerability is considered high severity, yet EPSS data is unavailable and it is not listed in the CISA KEV catalog. The described attack requires interaction with the device's kiosk interface—likely local or requiring an authenticated user—to trigger the dialog that bypasses kiosk mode. Once compromised, an attacker can execute arbitrary commands on the operating system, modify patient data presentation, or cause the device to malfunction.

Generated by OpenCVE AI on June 1, 2026 at 23:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Dräger security webpage for any available patch or firmware update that addresses the kiosk mode bypass.
  • If no official patch is released, disable the dialog that causes the kiosk escape or enforce strict kiosk mode controls through device configuration.
  • Monitor device logs for evidence of kiosk mode escape attempts and apply physical security controls to restrict local access to the device.

Generated by OpenCVE AI on June 1, 2026 at 23:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://static.draeger.com/security cve-icon cve-icon
History

Tue, 02 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Draeger
Draeger infinity Explorer C700
Vendors & Products Draeger
Draeger infinity Explorer C700

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.
Title Dräger Infinity Explorer C700 Privilege Escalation via Kiosk Mode Bypass
Weaknesses CWE-451
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Draeger Infinity Explorer C700
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T12:29:05.596Z

Reserved: 2026-06-01T21:36:41.544Z

Link: CVE-2019-25718

cve-icon Vulnrichment

Updated: 2026-06-02T12:28:59.427Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-01T23:16:13.270

Modified: 2026-06-02T14:50:44.670

Link: CVE-2019-25718

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T14:45:10Z

Weaknesses