OTPulse

Kiosk Mode Escape Vulnerability in HiMed Cockpit Devices Before V11.6.2

Status: Plan Patch
CVSS: 8.5
Siemens advisory: SSA-540493
Date: Oct 8, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

HiMed Cockpit devices before V11.6.2 contain a vulnerability that allows an attacker to escape the restricted kiosk mode environment and gain direct access to the underlying operating system. This could enable modification of device settings, interruption of patient monitoring, or unauthorized access to clinical data. Affected versions are V11.5.1 through V11.6.1 across HiMed Cockpit 12 pro, 14 pro+, 18 pro, and 18 pro+ models.

What this means
What could happen
A person with physical or remote access to a HiMed Cockpit device could escape the restricted kiosk environment and run arbitrary commands on the underlying operating system, potentially allowing them to modify medical device settings, interrupt patient monitoring, or access sensitive health data.
Who's at risk
Healthcare facilities operating HiMed Cockpit 12, 14, 18, and 18+ medical workstations should prioritize this. Affected sites use these devices for patient monitoring, treatment control, or clinical data management. The risk is highest if devices are in critical care areas or accessible from shared networks.
How it could be exploited
An attacker gains access to a HiMed Cockpit device, exploits the kiosk mode escape vulnerability to break out of the restricted application environment, and then accesses the underlying operating system where they can execute arbitrary commands or access files without restrictions.
Prerequisites
  • Physical or local network access to the HiMed Cockpit device
  • Device running HiMed Cockpit version 11.5.1 through 11.6.1
  • No authentication required to exploit the kiosk escape itself
Key points
  • Kiosk environment escape allows OS-level access
  • No authentication required for exploitation
  • Low complexity attack
  • Affects medical device functionality
  • High CVSS score (8.5)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4, all with a fix available)

Product                 Affected Versions       Fixed In
HiMed Cockpit 12 pro    ≥ V11.5.1, < V11.6.2    V11.6.2
HiMed Cockpit 14 pro+   ≥ V11.5.1, < V11.6.2    V11.6.2
HiMed Cockpit 18 pro    ≥ V11.5.1, < V11.6.2    V11.6.2
HiMed Cockpit 18 pro+   ≥ V11.5.1, < V11.6.2    V11.6.2
Remediation & Mitigation
Do now
  • HARDENING: Until patched, restrict physical access to HiMed Cockpit devices to authorized clinical staff only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update all HiMed Cockpit devices to version 11.6.2 or later
  • HOTFIX: Contact Siemens customer support to obtain patch delivery and installation instructions
Long-term hardening
  • HARDENING: Implement network segmentation to limit access to HiMed Cockpit devices from untrusted network segments
API: /api/v1/advisories/790bd81d-396e-4a63-a71f-65fc8670b8cd