SSA-540493: Kiosk Mode Escape Vulnerability in HiMed Cockpit Devices Before V11.6.2

Key Information from the Webpage Screenshot:

1. Publication Date:
   - 2024-10-08
2. Last Update:
   - 2024-10-08
3. Current Version:
   - V1.0
4. CVSS v3.1 Base Score:
   - 8.5
5. CVSS v4.0 Base Score:
   - 9.3
6. Summary:
   - HiMed Cockpit devices before V11.6.2 contain a Kiosk Mode Escape vulnerability that could allow an attacker to escape the restricted environment and gain access to the underlying operating system.
7. Affected Products and Solution:
   - Affected Product and Versions: HiMed Cockpit
   - Remediation: Update to V11.6.2 or later version. Contact customer support to receive patch and update information.
8. General Security Recommendations:
   - Siemens recommends protecting network access to devices with appropriate mechanisms. Configure the environment according to Siemens' operational guidelines for Industrial Security (Download: ).
9. Product Description:
   - This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory.
10. Vulnerability Description:
   - The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.
11. Acknowledgments:
   - Siemens thanks the following party for its efforts:
     - Tamay Caliskan for reporting the vulnerability
12. Additional Information:
   - For further inquiries on security vulnerabilities in Siemens products and solutions, please contact Siemens ProductCERT:
13. History Data:
   - V1.0 (2024-10-08): Publication Date
14. Terms of Use:
   - Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms").
To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.