History: Jun 01, 2022 - 10:15 a.m.

CVE-2022-29875

2022-06-01 10:15:08
CWE-502
web.nvd.nist.gov
cve-2022-29875
vulnerability
medical imaging
arbitrary code execution
security advisory
nvd

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4 High
Confidence: High

EPSS: 0.002 Low
Percentile: 59.3%

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Affected configurations

NVD (vendor, product, match type, version)
Node
siemens biograph_horizon_pet\/ct_systems_firmware Range vj30 to vj30c-ud01
AND
siemens biograph_horizon_pet\/ct_systems Match -
Node
siemens magnetom_numaris_x_firmware Match va10b
OR
siemens magnetom_numaris_x_firmware Match va12m
OR
siemens magnetom_numaris_x_firmware Match va12s
OR
siemens magnetom_numaris_x_firmware Match va20a
OR
siemens magnetom_numaris_x_firmware Match va30a
OR
siemens magnetom_numaris_x_firmware Match va31a
AND
siemens magnetom_numaris_x Match -
Node
siemens mammomat_revelation_firmware Range vc20 to vc20d
AND
siemens mammomat_revelation Match -
Node
siemens naeotom_alpha_firmware Match va40-
AND
siemens naeotom_alpha Match -
Node
siemens somatom_x.cite_firmware Range <va30
OR
siemens somatom_x.cite_firmware Match va30-
OR
siemens somatom_x.cite_firmware Match va40-
AND
siemens somatom_x.cite Match -
Node
siemens somatom_x.creed_firmware Range <va30
OR
siemens somatom_x.creed_firmware Match va30-
OR
siemens somatom_x.creed_firmware Match va40-
AND
siemens somatom_x.creed Match -
Node
siemens somatom_go.all_firmware Range <va30
OR
siemens somatom_go.all_firmware Match va30-
OR
siemens somatom_go.all_firmware Match va40-
AND
siemens somatom_go.all Match -
Node
siemens somatom_go.now_firmware Range <va30
OR
siemens somatom_go.now_firmware Match va30-
OR
siemens somatom_go.now_firmware Match va40-
AND
siemens somatom_go.now Match -
Node
siemens somatom_go.open_pro_firmware Range <va30
OR
siemens somatom_go.open_pro_firmware Match va30-
OR
siemens somatom_go.open_pro_firmware Match va40-
AND
siemens somatom_go.open_pro Match -
Node
siemens somatom_go.sim_firmware Range <va30
OR
siemens somatom_go.sim_firmware Match va30-
OR
siemens somatom_go.sim_firmware Match va40-
AND
siemens somatom_go.sim Match -
Node
siemens somatom_go.up_firmware Range <va30
OR
siemens somatom_go.up_firmware Match va30-
OR
siemens somatom_go.up_firmware Match va40-
AND
siemens somatom_go.up Match -
Node
siemens symbia_e_firmware Range vb22 to vb22a-ud03
AND
siemens symbia_e Match -
Node
siemens symbia_s_firmware Range vb22 to vb22a-ud03
AND
siemens symbia_s Match -
Node
siemens symbia_evo_firmware Range vb22 to vb22a-ud03
AND
siemens symbia_evo Match -
Node
siemens symbia_intevo_firmware Range vb22 to vb22a-ud03
AND
siemens symbia_intevo Match -
Node
siemens symbia_t_firmware Range vb22 to vb22a-ud03
AND
siemens symbia_t Match -
Node
siemens symbia.net Range vb22 to vb22a-ud03
Node
siemens syngo.via Range vb40 to vb40b
OR
siemens syngo.via Range vb60 to vb60b
OR
siemens syngo.via Match vb10
OR
siemens syngo.via Match vb20
OR
siemens syngo.via Match vb30
OR
siemens syngo.via Match vb40b-
OR
siemens syngo.via Match vb50
OR
siemens syngo.via Match vb60b-

CNA Affected

[
  {
    "product": "Biograph Horizon PET/CT Systems",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All VJ30 versions < VJ30C-UD01"
      }
    ]
  },
  {
    "product": "MAGNETOM Family",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
      }
    ]
  },
  {
    "product": "MAMMOMAT Revelation",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All VC20 versions < VC20D"
      }
    ]
  },
  {
    "product": "NAEOTOM Alpha",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All VA40 versions < VA40 SP2"
      }
    ]
  },
  {
    "product": "SOMATOM X.cite",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VA30 SP5 or VA40 SP2"
      }
    ]
  },
  {
    "product": "SOMATOM X.creed",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VA30 SP5 or VA40 SP2"
      }
    ]
  },
  {
    "product": "SOMATOM go.All",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VA30 SP5 or VA40 SP2"
      }
    ]
  },
  {
    "product": "SOMATOM go.Now",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VA30 SP5 or VA40 SP2"
      }
    ]
  },
  {
    "product": "SOMATOM go.Open Pro",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VA30 SP5 or VA40 SP2"
      }
    ]
  },
  {
    "product": "SOMATOM go.Sim",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VA30 SP5 or VA40 SP2"
      }
    ]
  },
  {
    "product": "SOMATOM go.Top",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VA30 SP5 or VA40 SP2"
      }
    ]
  },
  {
    "product": "SOMATOM go.Up",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VA30 SP5 or VA40 SP2"
      }
    ]
  },
  {
    "product": "Symbia E/S",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All VB22 versions < VB22A-UD03"
      }
    ]
  },
  {
    "product": "Symbia Evo",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All VB22 versions < VB22A-UD03"
      }
    ]
  },
  {
    "product": "Symbia Intevo",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All VB22 versions < VB22A-UD03"
      }
    ]
  },
  {
    "product": "Symbia T",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All VB22 versions < VB22A-UD03"
      }
    ]
  },
  {
    "product": "Symbia.net",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All VB22 versions < VB22A-UD03"
      }
    ]
  },
  {
    "product": "syngo.via VB10",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "syngo.via VB20",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "syngo.via VB30",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "syngo.via VB40",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VB40B HF06"
      }
    ]
  },
  {
    "product": "syngo.via VB50",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "syngo.via VB60",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < VB60B HF02"
      }
    ]
  }
]
