Search
Find a vulnerability
Search criteria
2 vulnerabilities found for symbia_evo_firmware by siemens
CVE-2022-29875 (GCVE-0-2022-29875)
Vulnerability from nvd – Published: 2022-06-01 09:50 – Updated: 2024-08-03 06:33
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
Severity
No CVSS data available.
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.siemens-healthineers.com/support-docu… | x_refsource_MISC |
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Biograph Horizon PET/CT Systems |
Affected:
All VJ30 versions < VJ30C-UD01
|
|
| Siemens | MAGNETOM Family |
Affected:
NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A
|
|
| Siemens | MAMMOMAT Revelation |
Affected:
All VC20 versions < VC20D
|
|
| Siemens | NAEOTOM Alpha |
Affected:
All VA40 versions < VA40 SP2
|
|
| Siemens | SOMATOM X.cite |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM X.creed |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.All |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Now |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Open Pro |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Sim |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Top |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Up |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | Symbia E/S |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia Evo |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia Intevo |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia T |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia.net |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | syngo.via VB10 |
Affected:
All versions
|
|
| Siemens | syngo.via VB20 |
Affected:
All versions
|
|
| Siemens | syngo.via VB30 |
Affected:
All versions
|
|
| Siemens | syngo.via VB40 |
Affected:
All versions < VB40B HF06
|
|
| Siemens | syngo.via VB50 |
Affected:
All versions
|
|
| Siemens | syngo.via VB60 |
Affected:
All versions < VB60B HF02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Biograph Horizon PET/CT Systems",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VJ30 versions \u003c VJ30C-UD01"
}
]
},
{
"product": "MAGNETOM Family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
}
]
},
{
"product": "MAMMOMAT Revelation",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VC20 versions \u003c VC20D"
}
]
},
{
"product": "NAEOTOM Alpha",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VA40 versions \u003c VA40 SP2"
}
]
},
{
"product": "SOMATOM X.cite",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM X.creed",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.All",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Now",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Open Pro",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Sim",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Top",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Up",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "Symbia E/S",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia Evo",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia Intevo",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia T",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia.net",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "syngo.via VB10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB20",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB30",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB40",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VB40B HF06"
}
]
},
{
"product": "syngo.via VB50",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB60",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VB60B HF02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T09:50:10.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Biograph Horizon PET/CT Systems",
"version": {
"version_data": [
{
"version_value": "All VJ30 versions \u003c VJ30C-UD01"
}
]
}
},
{
"product_name": "MAGNETOM Family",
"version": {
"version_data": [
{
"version_value": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
}
]
}
},
{
"product_name": "MAMMOMAT Revelation",
"version": {
"version_data": [
{
"version_value": "All VC20 versions \u003c VC20D"
}
]
}
},
{
"product_name": "NAEOTOM Alpha",
"version": {
"version_data": [
{
"version_value": "All VA40 versions \u003c VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM X.cite",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM X.creed",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.All",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Now",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Open Pro",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Sim",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Top",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Up",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "Symbia E/S",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia Evo",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia Intevo",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia T",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia.net",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "syngo.via VB10",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB20",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB30",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB40",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VB40B HF06"
}
]
}
},
{
"product_name": "syngo.via VB50",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB60",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VB60B HF02"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016",
"refsource": "MISC",
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29875",
"datePublished": "2022-06-01T09:50:11.000Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:42.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29875 (GCVE-0-2022-29875)
Vulnerability from cvelistv5 – Published: 2022-06-01 09:50 – Updated: 2024-08-03 06:33
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
Severity
No CVSS data available.
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.siemens-healthineers.com/support-docu… | x_refsource_MISC |
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Biograph Horizon PET/CT Systems |
Affected:
All VJ30 versions < VJ30C-UD01
|
|
| Siemens | MAGNETOM Family |
Affected:
NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A
|
|
| Siemens | MAMMOMAT Revelation |
Affected:
All VC20 versions < VC20D
|
|
| Siemens | NAEOTOM Alpha |
Affected:
All VA40 versions < VA40 SP2
|
|
| Siemens | SOMATOM X.cite |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM X.creed |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.All |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Now |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Open Pro |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Sim |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Top |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Up |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | Symbia E/S |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia Evo |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia Intevo |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia T |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia.net |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | syngo.via VB10 |
Affected:
All versions
|
|
| Siemens | syngo.via VB20 |
Affected:
All versions
|
|
| Siemens | syngo.via VB30 |
Affected:
All versions
|
|
| Siemens | syngo.via VB40 |
Affected:
All versions < VB40B HF06
|
|
| Siemens | syngo.via VB50 |
Affected:
All versions
|
|
| Siemens | syngo.via VB60 |
Affected:
All versions < VB60B HF02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Biograph Horizon PET/CT Systems",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VJ30 versions \u003c VJ30C-UD01"
}
]
},
{
"product": "MAGNETOM Family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
}
]
},
{
"product": "MAMMOMAT Revelation",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VC20 versions \u003c VC20D"
}
]
},
{
"product": "NAEOTOM Alpha",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VA40 versions \u003c VA40 SP2"
}
]
},
{
"product": "SOMATOM X.cite",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM X.creed",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.All",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Now",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Open Pro",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Sim",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Top",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Up",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "Symbia E/S",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia Evo",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia Intevo",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia T",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia.net",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "syngo.via VB10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB20",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB30",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB40",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VB40B HF06"
}
]
},
{
"product": "syngo.via VB50",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB60",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VB60B HF02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T09:50:10.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Biograph Horizon PET/CT Systems",
"version": {
"version_data": [
{
"version_value": "All VJ30 versions \u003c VJ30C-UD01"
}
]
}
},
{
"product_name": "MAGNETOM Family",
"version": {
"version_data": [
{
"version_value": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
}
]
}
},
{
"product_name": "MAMMOMAT Revelation",
"version": {
"version_data": [
{
"version_value": "All VC20 versions \u003c VC20D"
}
]
}
},
{
"product_name": "NAEOTOM Alpha",
"version": {
"version_data": [
{
"version_value": "All VA40 versions \u003c VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM X.cite",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM X.creed",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.All",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Now",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Open Pro",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Sim",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Top",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Up",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "Symbia E/S",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia Evo",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia Intevo",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia T",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia.net",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "syngo.via VB10",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB20",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB30",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB40",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VB40B HF06"
}
]
}
},
{
"product_name": "syngo.via VB50",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB60",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VB60B HF02"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016",
"refsource": "MISC",
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29875",
"datePublished": "2022-06-01T09:50:11.000Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:42.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}