Siemens HiMed Cockpit

Plan PatchCVSS 8.5ICS-CERT ICSA-24-284-08Oct 8, 2024

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

HiMed Cockpit devices versions V11.5.1 through V11.6.1 contain a kiosk mode escape vulnerability that allows local attackers to break out of the restricted user interface and gain direct access to the underlying operating system. The vulnerability affects HiMed Cockpit 12 pro, 14 pro+, 18 pro, and 18 pro+ models. Siemens has released firmware version V11.6.2 which corrects this issue. This vulnerability is not remotely exploitable and requires direct physical or local terminal access to the device.

What this means

What could happen

An attacker with local access to a HiMed Cockpit device can escape the restricted kiosk mode interface and gain full control of the underlying operating system, potentially allowing them to alter medical device settings, access patient data, or disrupt clinical operations.

Who's at risk

Healthcare organizations using HiMed Cockpit diagnostic or therapeutic devices, particularly those deployed in clinical settings where multiple staff members or unauthorized personnel may have access to the physical devices.

How it could be exploited

An attacker with physical or local terminal access to a HiMed Cockpit device can exploit the kiosk mode escape vulnerability to break out of the restricted environment and execute arbitrary commands on the host OS, gaining full system privileges.

Prerequisites

Local terminal or input device access to the HiMed Cockpit device
Device running affected firmware version (V11.5.1 to V11.6.1)

No authentication required for local exploitationLow complexity attackAffects medical device with potential patient safety implicationsAffects all four HiMed Cockpit product variants

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

HiMed Cockpit 12 pro≥ V11.5.1|<V11.6.211.6.2

HiMed Cockpit 14 pro+≥ V11.5.1|<V11.6.211.6.2

HiMed Cockpit 18 pro≥ V11.5.1|<V11.6.211.6.2

HiMed Cockpit 18 pro+≥ V11.5.1|<V11.6.211.6.2

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict physical and local access to HiMed Cockpit devices by placing them in secure, controlled areas with limited entry

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HiMed Cockpit 12 pro

HOTFIXUpdate HiMed Cockpit 12 pro, 14 pro+, 18 pro, and 18 pro+ devices to firmware version V11.6.2 or later

Long-term hardening

0/1

HARDENINGIsolate HiMed Cockpit devices on a protected clinical network segment, separate from general IT and public networks

CVEs (1)

CVE-2023-52952

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/94b9a638-2362-4469-9c8e-afebe374fb6f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.