{"containers": {"cna": {"affected": [{"product": "DCA Vantage Analyzer", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (\u201ckiosk mode\u201d) and access the underlying operating system. Successful exploitation requires direct physical access to the system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-13T15:30:19.000Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.siemens-healthineers.com/support-documentation/security-advisory"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-15797", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DCA Vantage Analyzer", "version": {"version_data": [{"version_value": "All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (\u201ckiosk mode\u201d) and access the underlying operating system. Successful exploitation requires direct physical access to the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269: Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://www.siemens-healthineers.com/support-documentation/security-advisory", "refsource": "MISC", "url": "https://www.siemens-healthineers.com/support-documentation/security-advisory"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:30:21.872Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.siemens-healthineers.com/support-documentation/security-advisory"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-15797", "datePublished": "2020-10-13T15:30:19.000Z", "dateReserved": "2020-07-15T00:00:00.000Z", "dateUpdated": "2024-08-04T13:30:21.872Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:dca_vantage_analyzer_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B4F34A3-AB7B-4528-9F27-3073E25A5176", "versionEndExcluding": "4.5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:dca_vantage_analyzer:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDE5221F-8629-4DC4-AD8A-93EED671469B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (\u201ckiosk mode\u201d) and access the underlying operating system. Successful exploitation requires direct physical access to the system."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en DCA Vantage Analyzer (todas las versiones anteriores a V4.5 est\u00e1n afectadas por CVE-2020-7590. Adem\u00e1s, los n\u00fameros de serial anteriores a 40000 que ejecutan el software versi\u00f3n V4.4.0 tambi\u00e9n est\u00e1n afectados por CVE-2020-15797).&#xa0;Un Control de Acceso Inapropiado podr\u00eda permitir a un atacante no autenticado escapar del entorno restringido (\u201ckiosk mode\u201d) y acceder al sistema operativo subyacente.&#xa0;Una explotaci\u00f3n con \u00e9xito requiere acceso f\u00edsico directo al sistema"}], "id": "CVE-2020-15797", "lastModified": "2024-11-21T05:06:12.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-13T16:15:21.280", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://www.siemens-healthineers.com/support-documentation/security-advisory"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.siemens-healthineers.com/support-documentation/security-advisory"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}

{}