9.8
CVE-2022-29875
- EPSS 2.37%
- Published 01.06.2022 10:15:08
- Last modified 21.11.2024 06:59:52
- Source productcert@siemens.com
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
Data provided by the National Vulnerability Database (NVD)
Siemens ≫ Biograph Horizon Pet/ct Systems Firmware Version >= vj30 < vj30c-ud01
Siemens ≫ Magnetom Numaris X Firmware Version va10b
Siemens ≫ Magnetom Numaris X Firmware Version va12m
Siemens ≫ Magnetom Numaris X Firmware Version va12s
Siemens ≫ Magnetom Numaris X Firmware Version va20a
Siemens ≫ Magnetom Numaris X Firmware Version va30a
Siemens ≫ Magnetom Numaris X Firmware Version va31a
Siemens ≫ Mammomat Revelation Firmware Version >= vc20 < vc20d
Siemens ≫ Naeotom Alpha Firmware Version va40 Update -
Siemens ≫ Somatom X.Cite Firmware Version < va30
Siemens ≫ Somatom X.Cite Firmware Version va30 Update -
Siemens ≫ Somatom X.Cite Firmware Version va40 Update -
Siemens ≫ Somatom X.Creed Firmware Version < va30
Siemens ≫ Somatom X.Creed Firmware Version va30 Update -
Siemens ≫ Somatom X.Creed Firmware Version va40 Update -
Siemens ≫ Somatom Go.All Firmware Version < va30
Siemens ≫ Somatom Go.All Firmware Version va30 Update -
Siemens ≫ Somatom Go.All Firmware Version va40 Update -
Siemens ≫ Somatom Go.Now Firmware Version < va30
Siemens ≫ Somatom Go.Now Firmware Version va30 Update -
Siemens ≫ Somatom Go.Now Firmware Version va40 Update -
Siemens ≫ Somatom Go.Open Pro Firmware Version < va30
Siemens ≫ Somatom Go.Open Pro Firmware Version va30 Update -
Siemens ≫ Somatom Go.Open Pro Firmware Version va40 Update -
Siemens ≫ Somatom Go.Sim Firmware Version < va30
Siemens ≫ Somatom Go.Sim Firmware Version va30 Update -
Siemens ≫ Somatom Go.Sim Firmware Version va40 Update -
Siemens ≫ Somatom Go.Up Firmware Version < va30
Siemens ≫ Somatom Go.Up Firmware Version va30 Update -
Siemens ≫ Somatom Go.Up Firmware Version va40 Update -
Siemens ≫ Symbia E Firmware Version >= vb22 < vb22a-ud03
Siemens ≫ Symbia S Firmware Version >= vb22 < vb22a-ud03
Siemens ≫ Symbia Evo Firmware Version >= vb22 < vb22a-ud03
Siemens ≫ Symbia Intevo Firmware Version >= vb22 < vb22a-ud03
Siemens ≫ Symbia T Firmware Version >= vb22 < vb22a-ud03
Siemens ≫ Symbia.Net Version >= vb22 <= vb22a-ud03
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.37% | 0.843 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.