Lucene search

SiemensCVELIST:CVE-2021-45465

HistoryJan 04, 2024 - 11:20 a.m.

CVE-2021-45465

2024-01-0411:20:18

CWE-123

siemens

www.cve.org

vulnerability

syngo fastview

bmp file parsing

code execution

data validation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

0.001 Low

EPSS

Percentile

24.8%

JSON

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "syngo fastView",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for CVELIST:CVE-2021-45465