CVE-2022-42893

2022-11-1717:15:13

CWE-73

CWE-610

[email protected]

web.nvd.nist.gov

cve-2022-42893

syngo dynamics

vulnerability

web service

data write access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

32.0%

JSON

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool.

Affected configurations

NVD

Node

siemenssyngo_dynamics_cardiovascular_imaging_and_information_systemRange<va40g_hf01

CPENameOperatorVersion
siemens:syngo_dynamics_cardiovascular_imaging_and_information_systemsiemens syngo dynamics cardiovascular imaging and information systemltva40g_hf01

CPE	Name	Operator	Version
siemens:syngo_dynamics_cardiovascular_imaging_and_information_system	siemens syngo dynamics cardiovascular imaging and information system	lt	va40g_hf01

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "syngo Dynamics",
    "versions": [
      {
        "version": "All versions < VA40G HF01",
        "status": "affected"
      }
    ]
  }
]