Versio.io

CVE-2022-29875

Common vulnerabilities & exposures (CVE)

 
Published at: 01-06-2022 12:15
Last modified: 11-06-2022 02:45
Total changes: 2

Description

A vulnerability has been identified in the following products:

  • Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01)
  • MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A)
  • MAMMOMAT Revelation (All VC20 versions < VC20D)
  • NAEOTOM Alpha (All VA40 versions < VA40 SP2)
  • SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2)
  • SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2)
  • SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2)
  • SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2)
  • SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2)
  • SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2)
  • SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2)
  • SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2)
  • Symbia E/S (All VB22 versions < VB22A-UD03)
  • Symbia Evo (All VB22 versions < VB22A-UD03)
  • Symbia Intevo (All VB22 versions < VB22A-UD03)
  • Symbia T (All VB22 versions < VB22A-UD03)
  • Symbia.net (All VB22 versions < VB22A-UD03)
  • syngo.via VB10 (All versions)
  • syngo.via VB20 (All versions)
  • syngo.via VB30 (All versions)
  • syngo.via VB40 (All versions < VB40B HF06)
  • syngo.via VB50 (All versions)
  • syngo.via VB60 (All versions < VB60B HF02)

The application deserialises untrusted data without sufficient validation, which could result in arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Base score: 9.8
  • Exploitability score: 3.9
  • Impact score: 5.9
  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
 

Verification logic

OR
  AND
    OR
      vendor=siemens AND product=biograph_horizon_pet\/ct_systems_firmware AND versionStartIncluding=vj30 AND versionEndExcluding=vj30c-ud01
    OR
      vendor=siemens AND product=biograph_horizon_pet\/ct_systems AND version=-
  AND
    OR
      vendor=siemens AND product=magnetom_numaris_x_firmware AND version=va12m
      vendor=siemens AND product=magnetom_numaris_x_firmware AND version=va12s
      vendor=siemens AND product=magnetom_numaris_x_firmware AND version=va10b
      vendor=siemens AND product=magnetom_numaris_x_firmware AND version=va20a
      vendor=siemens AND product=magnetom_numaris_x_firmware AND version=va30a
      vendor=siemens AND product=magnetom_numaris_x_firmware AND version=va31a
    OR
      vendor=siemens AND product=magnetom_numaris_x AND version=-
  AND
    OR
      vendor=siemens AND product=mammomat_revelation_firmware AND versionStartIncluding=vc20 AND versionEndExcluding=vc20d
    OR
      vendor=siemens AND product=mammomat_revelation AND version=-
  AND
    OR
      vendor=siemens AND product=naeotom_alpha_firmware AND version=va40 AND update=-
    OR
      vendor=siemens AND product=naeotom_alpha AND version=-
  AND
    OR
      vendor=siemens AND product=somatom_x.cite_firmware AND versionEndExcluding=va30
      vendor=siemens AND product=somatom_x.cite_firmware AND version=va30 AND update=-
      vendor=siemens AND product=somatom_x.cite_firmware AND version=va40 AND update=-
    OR
      vendor=siemens AND product=somatom_x.cite AND version=-
  AND
    OR
      vendor=siemens AND product=somatom_x.creed_firmware AND versionEndExcluding=va30
      vendor=siemens AND product=somatom_x.creed_firmware AND version=va30 AND update=-
      vendor=siemens AND product=somatom_x.creed_firmware AND version=va40 AND update=-
    OR
      vendor=siemens AND product=somatom_x.creed AND version=-
  AND
    OR
      vendor=siemens AND product=somatom_go.all_firmware AND versionEndExcluding=va30
      vendor=siemens AND product=somatom_go.all_firmware AND version=va30 AND update=-
      vendor=siemens AND product=somatom_go.all_firmware AND version=va40 AND update=-
    OR
      vendor=siemens AND product=somatom_go.all AND version=-
  AND
    OR
      vendor=siemens AND product=somatom_go.now_firmware AND versionEndExcluding=va30
      vendor=siemens AND product=somatom_go.now_firmware AND version=va30 AND update=-
      vendor=siemens AND product=somatom_go.now_firmware AND version=va40 AND update=-
    OR
      vendor=siemens AND product=somatom_go.now AND version=-
  AND
    OR
      vendor=siemens AND product=somatom_go.open_pro_firmware AND versionEndExcluding=va30
      vendor=siemens AND product=somatom_go.open_pro_firmware AND version=va30 AND update=-
      vendor=siemens AND product=somatom_go.open_pro_firmware AND version=va40 AND update=-
    OR
      vendor=siemens AND product=somatom_go.open_pro AND version=-
  AND
    OR
      vendor=siemens AND product=somatom_go.sim_firmware AND versionEndExcluding=va30
      vendor=siemens AND product=somatom_go.sim_firmware AND version=va30 AND update=-
      vendor=siemens AND product=somatom_go.sim_firmware AND version=va40 AND update=-
    OR
      vendor=siemens AND product=somatom_go.sim AND version=-
  AND
    OR
      vendor=siemens AND product=somatom_go.up_firmware AND versionEndExcluding=va30
      vendor=siemens AND product=somatom_go.up_firmware AND version=va30 AND update=-
      vendor=siemens AND product=somatom_go.up_firmware AND version=va40 AND update=-
    OR
      vendor=siemens AND product=somatom_go.up AND version=-
  AND
    OR
      vendor=siemens AND product=symbia_e_firmware AND versionStartIncluding=vb22 AND versionEndExcluding=vb22a-ud03
    OR
      vendor=siemens AND product=symbia_e AND version=-
  AND
    OR
      vendor=siemens AND product=symbia_s_firmware AND versionStartIncluding=vb22 AND versionEndExcluding=vb22a-ud03
    OR
      vendor=siemens AND product=symbia_s AND version=-
  AND
    OR
      vendor=siemens AND product=symbia_evo_firmware AND versionStartIncluding=vb22 AND versionEndExcluding=vb22a-ud03
    OR
      vendor=siemens AND product=symbia_evo AND version=-
  AND
    OR
      vendor=siemens AND product=symbia_intevo_firmware AND versionStartIncluding=vb22 AND versionEndExcluding=vb22a-ud03
    OR
      vendor=siemens AND product=symbia_intevo AND version=-
  AND
    OR
      vendor=siemens AND product=symbia_t_firmware AND versionStartIncluding=vb22 AND versionEndExcluding=vb22a-ud03
    OR
      vendor=siemens AND product=symbia_t AND version=-
  OR
    vendor=siemens AND product=symbia.net AND versionEndIncluding=vb22a-ud03 AND versionStartIncluding=vb22
  OR
    vendor=siemens AND product=syngo.via AND version=vb10
    vendor=siemens AND product=syngo.via AND version=vb20
    vendor=siemens AND product=syngo.via AND version=vb30
    vendor=siemens AND product=syngo.via AND versionStartIncluding=vb40 AND versionEndExcluding=vb40b
    vendor=siemens AND product=syngo.via AND version=vb40b AND update=-
    vendor=siemens AND product=syngo.via AND version=vb60b AND update=-
    vendor=siemens AND product=syngo.via AND version=vb50
    vendor=siemens AND product=syngo.via AND versionStartIncluding=vb60 AND versionEndExcluding=vb60b
 

Reference

  • N/A-Mitigation, Vendor Advisory
 

