PT-2020-14640 · Siemens · Dca Vantage Analyzer+1

Published

2020-10-13

Updated

2020-10-28

CVE-2020-15797

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2020-15797

Affected Products

Dca Vantage Analyzer

Dca Vantage Analyzer Firmware

PT-2020-14640 · Siemens · Dca Vantage Analyzer+1

CVE-2020-15797

Weakness Enumeration

Related Identifiers

Affected Products

References · 3