Vulnerability-Lookup

CVE-2022-29875 (GCVE-0-2022-29875)

Vulnerability from cvelistv5 – Published: 2022-06-01 09:50 – Updated: 2024-08-03 06:33

Summary

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Severity ?

No CVSS data available.

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

siemens

References

URL

Tags

https://www.siemens-healthineers.com/support-docu…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Siemens

Biograph Horizon PET/CT Systems

Affected: All VJ30 versions < VJ30C-UD01

Siemens	MAGNETOM Family	Affected: NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A
Siemens	MAMMOMAT Revelation	Affected: All VC20 versions < VC20D
Siemens	NAEOTOM Alpha	Affected: All VA40 versions < VA40 SP2
Siemens	SOMATOM X.cite	Affected: All versions < VA30 SP5 or VA40 SP2
Siemens	SOMATOM X.creed	Affected: All versions < VA30 SP5 or VA40 SP2
Siemens	SOMATOM go.All	Affected: All versions < VA30 SP5 or VA40 SP2
Siemens	SOMATOM go.Now	Affected: All versions < VA30 SP5 or VA40 SP2
Siemens	SOMATOM go.Open Pro	Affected: All versions < VA30 SP5 or VA40 SP2
Siemens	SOMATOM go.Sim	Affected: All versions < VA30 SP5 or VA40 SP2
Siemens	SOMATOM go.Top	Affected: All versions < VA30 SP5 or VA40 SP2
Siemens	SOMATOM go.Up	Affected: All versions < VA30 SP5 or VA40 SP2
Siemens	Symbia E/S	Affected: All VB22 versions < VB22A-UD03
Siemens	Symbia Evo	Affected: All VB22 versions < VB22A-UD03
Siemens	Symbia Intevo	Affected: All VB22 versions < VB22A-UD03
Siemens	Symbia T	Affected: All VB22 versions < VB22A-UD03
Siemens	Symbia.net	Affected: All VB22 versions < VB22A-UD03
Siemens	syngo.via VB10	Affected: All versions
Siemens	syngo.via VB20	Affected: All versions
Siemens	syngo.via VB30	Affected: All versions
Siemens	syngo.via VB40	Affected: All versions < VB40B HF06
Siemens	syngo.via VB50	Affected: All versions
Siemens	syngo.via VB60	Affected: All versions < VB60B HF02

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:42.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Biograph Horizon PET/CT Systems",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All VJ30 versions \u003c VJ30C-UD01"
            }
          ]
        },
        {
          "product": "MAGNETOM Family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
            }
          ]
        },
        {
          "product": "MAMMOMAT Revelation",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All VC20 versions \u003c VC20D"
            }
          ]
        },
        {
          "product": "NAEOTOM Alpha",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All VA40 versions \u003c VA40 SP2"
            }
          ]
        },
        {
          "product": "SOMATOM X.cite",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VA30 SP5 or VA40 SP2"
            }
          ]
        },
        {
          "product": "SOMATOM X.creed",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VA30 SP5 or VA40 SP2"
            }
          ]
        },
        {
          "product": "SOMATOM go.All",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VA30 SP5 or VA40 SP2"
            }
          ]
        },
        {
          "product": "SOMATOM go.Now",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VA30 SP5 or VA40 SP2"
            }
          ]
        },
        {
          "product": "SOMATOM go.Open Pro",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VA30 SP5 or VA40 SP2"
            }
          ]
        },
        {
          "product": "SOMATOM go.Sim",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VA30 SP5 or VA40 SP2"
            }
          ]
        },
        {
          "product": "SOMATOM go.Top",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VA30 SP5 or VA40 SP2"
            }
          ]
        },
        {
          "product": "SOMATOM go.Up",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VA30 SP5 or VA40 SP2"
            }
          ]
        },
        {
          "product": "Symbia E/S",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All VB22 versions \u003c VB22A-UD03"
            }
          ]
        },
        {
          "product": "Symbia Evo",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All VB22 versions \u003c VB22A-UD03"
            }
          ]
        },
        {
          "product": "Symbia Intevo",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All VB22 versions \u003c VB22A-UD03"
            }
          ]
        },
        {
          "product": "Symbia T",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All VB22 versions \u003c VB22A-UD03"
            }
          ]
        },
        {
          "product": "Symbia.net",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All VB22 versions \u003c VB22A-UD03"
            }
          ]
        },
        {
          "product": "syngo.via VB10",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "syngo.via VB20",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "syngo.via VB30",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "syngo.via VB40",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VB40B HF06"
            }
          ]
        },
        {
          "product": "syngo.via VB50",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "syngo.via VB60",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c VB60B HF02"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-01T09:50:10.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2022-29875",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Biograph Horizon PET/CT Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All VJ30 versions \u003c VJ30C-UD01"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MAGNETOM Family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MAMMOMAT Revelation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All VC20 versions \u003c VC20D"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "NAEOTOM Alpha",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All VA40 versions \u003c VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SOMATOM X.cite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SOMATOM X.creed",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SOMATOM go.All",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SOMATOM go.Now",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SOMATOM go.Open Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SOMATOM go.Sim",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SOMATOM go.Top",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SOMATOM go.Up",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symbia E/S",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All VB22 versions \u003c VB22A-UD03"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symbia Evo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All VB22 versions \u003c VB22A-UD03"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symbia Intevo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All VB22 versions \u003c VB22A-UD03"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symbia T",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All VB22 versions \u003c VB22A-UD03"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symbia.net",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All VB22 versions \u003c VB22A-UD03"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "syngo.via VB10",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "syngo.via VB20",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "syngo.via VB30",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "syngo.via VB40",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VB40B HF06"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "syngo.via VB50",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "syngo.via VB60",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c VB60B HF02"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502: Deserialization of Untrusted Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016",
              "refsource": "MISC",
              "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-29875",
    "datePublished": "2022-06-01T09:50:11.000Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2024-08-03T06:33:42.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-29875",
      "date": "2026-04-25",
      "epss": "0.02833",
      "percentile": "0.86228"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:biograph_horizon_pet\\\\/ct_systems_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vj30\", \"versionEndExcluding\": \"vj30c-ud01\", \"matchCriteriaId\": \"6F27370D-C680-4962-98E0-26B73BF68835\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:biograph_horizon_pet\\\\/ct_systems:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67E12730-E162-4EB1-823F-ED32390F2985\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va10b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11DD14BC-D734-4107-90F8-9E065200B385\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va12m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71CB0F52-0B27-4249-AB10-C144DA10B4B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va12s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8947F537-AF6C-4C4A-8F0D-B77021F9E68A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va20a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2999C4D0-4DA1-4935-A7CF-8A9E6FD701A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va30a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1729042A-ACFC-4F57-BF7A-1C65640F1B69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va31a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2E75225-D1BA-4D1B-AA3B-6EE9BCD8999B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:magnetom_numaris_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96E21BDE-7201-4C2D-BD2D-E4BB99CB5650\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:mammomat_revelation_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vc20\", \"versionEndExcluding\": \"vc20d\", \"matchCriteriaId\": \"333F8BB6-BCD4-406E-A597-220F334C5E3A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:mammomat_revelation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CD931BD-95B8-4F60-9BC6-5C18EE17A492\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:naeotom_alpha_firmware:va40:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"93E31753-21F6-40AD-92F8-2088200A761F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:naeotom_alpha:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8C3D642-2AE4-411D-BC1C-4A934AA48C2F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_x.cite_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"va30\", \"matchCriteriaId\": \"735363E0-944D-462A-91AA-4704FCE64CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_x.cite_firmware:va30:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A6BB9B4-545F-4F95-9DDF-13DB45743087\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_x.cite_firmware:va40:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0527C89B-83CA-4246-8D64-EA473896952F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:somatom_x.cite:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3C367EC-BC49-423D-933B-9DC048F7E78A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_x.creed_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"va30\", \"matchCriteriaId\": \"73FB1566-BFBE-499B-95F1-4487EEF39B29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_x.creed_firmware:va30:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A07B2EBF-6088-42FE-BA9D-ED9081F7DE59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_x.creed_firmware:va40:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D203CB63-2B3B-4BD4-BAAA-8E3F6666058F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:somatom_x.creed:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A41CF532-3BA4-4C1F-AA78-D2F980269D76\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.all_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"va30\", \"matchCriteriaId\": \"328E32A0-325F-4E45-92AD-2D260FE05395\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.all_firmware:va30:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BD3C0CD-E5AB-4C4F-9051-78CDF6A2FBFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.all_firmware:va40:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"B28D986B-38EC-4E24-B93B-EA366F41DC00\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:somatom_go.all:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DBAA30D-8DC7-447B-9652-41DF91F1492F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.now_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"va30\", \"matchCriteriaId\": \"34A4BA0F-96D7-492A-A5E1-AE8F32BA0D35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.now_firmware:va30:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D978838-E6E0-4165-9654-86A21EBB0B62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.now_firmware:va40:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE59DDD8-85E1-4F81-9F37-74DE10457FBC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:somatom_go.now:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7546A052-9C3E-4633-BD80-FF6184C2F32B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.open_pro_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"va30\", \"matchCriteriaId\": \"8B228177-4BBA-4487-831A-47538FD649AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.open_pro_firmware:va30:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0331A134-AA24-4EE5-86E6-9CAF7647BC91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.open_pro_firmware:va40:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"5525AF01-B51A-4911-BFD6-98092AE95D5B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:somatom_go.open_pro:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"111A83AD-94F0-40C1-BECA-08E00D611843\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.sim_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"va30\", \"matchCriteriaId\": \"2E333993-B218-42FD-9D5F-D0ECEB9D76E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.sim_firmware:va30:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"54C1D98B-4273-4284-BC99-8A905B5A8509\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.sim_firmware:va40:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"63C56A23-976F-4A97-82C8-CAEDFD37BE32\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:somatom_go.sim:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AE10779-276C-4051-A128-3A009F4143F7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.up_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"va30\", \"matchCriteriaId\": \"951B855E-0D86-4D21-B1E6-35404828EC63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.up_firmware:va30:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"18C0CA67-79D4-41D4-9669-E36766BE07EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:somatom_go.up_firmware:va40:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"85809BBF-667A-4847-B09E-8BBFB3664467\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:somatom_go.up:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0A687DA-B4C4-49CF-BC9A-8D002646A1DF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:symbia_e_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vb22\", \"versionEndExcluding\": \"vb22a-ud03\", \"matchCriteriaId\": \"6BD95A1D-DA8B-4955-98B4-54E84346D04B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:symbia_e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8346C32-3CF9-4D67-AB01-421DA9715131\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:symbia_s_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vb22\", \"versionEndExcluding\": \"vb22a-ud03\", \"matchCriteriaId\": \"99D8FD3E-CE88-4608-BE5F-19B1D45D213A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:symbia_s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1396FD8-B019-4FBD-9196-7177916B9982\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:symbia_evo_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vb22\", \"versionEndExcluding\": \"vb22a-ud03\", \"matchCriteriaId\": \"24079DE0-17B4-4B00-B983-6F66A66B85C0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:symbia_evo:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97C7E3B6-678A-4F8E-91E0-DD9A416CCF6E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:symbia_intevo_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vb22\", \"versionEndExcluding\": \"vb22a-ud03\", \"matchCriteriaId\": \"6A4183D3-72FC-4638-B39F-517F23147460\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:symbia_intevo:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65CDCBF5-AA64-4192-ACBC-5C72B8CDE92F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:symbia_t_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vb22\", \"versionEndExcluding\": \"vb22a-ud03\", \"matchCriteriaId\": \"425B31A9-61FD-4888-9602-2D1BDDC6F141\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:symbia_t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8029BBD1-26AC-46A7-9739-93B7D69DAD17\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:symbia.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vb22\", \"versionEndIncluding\": \"vb22a-ud03\", \"matchCriteriaId\": \"F3BCDD49-2215-4E9A-9340-48ED0152BC48\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:syngo.via:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vb40\", \"versionEndExcluding\": \"vb40b\", \"matchCriteriaId\": \"AF5B8334-DD9B-4094-88E6-18F26584E204\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:syngo.via:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"vb60\", \"versionEndExcluding\": \"vb60b\", \"matchCriteriaId\": \"DA1C328A-298E-43C4-A446-87DC4C2628D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:syngo.via:vb10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3024E14-7F2D-437F-ABAF-8DC75D3CBEC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:syngo.via:vb20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC558658-5A6F-4397-9A84-62485C9C453F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:syngo.via:vb30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F3F610A-254D-4BEF-B8DA-C64E66630D1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:syngo.via:vb40b:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF5765F-D91F-4D2C-BB5C-709A4F7DE5A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:syngo.via:vb50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E9AB3F5-75FE-4541-877F-FA5AFF24901C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:syngo.via:vb60b:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1204CB31-5663-4F4A-B544-F8592304E1B9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en los sistemas Biograph Horizon PET/CT (todas las versiones VJ30 anteriores a VJ30C-UD01), la familia MAGNETOM (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (todas las versiones VC20 anteriores a VC20D), NAEOTOM Alpha (todas las versiones VA40 anteriores a VA40 SP2), SOMATOM X. cite (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM X.creed (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.All (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Now (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Open Pro (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go. Sim (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Top (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go. Up (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), Symbia E/S (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia Evo (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia Intevo (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia T (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia. net (Todas las versiones VB22 anteriores a VB22A-UD03), syngo.via VB10 (Todas las versiones), syngo.via VB20 (Todas las versiones), syngo.via VB30 (Todas las versiones), syngo.via VB40 (Todas las versiones anteriores a VB40B HF06), syngo.via VB50 (Todas las versiones), syngo.via VB60 (Todas las versiones anteriores a VB60B HF02). La aplicaci\\u00f3n deserializa datos no confiables sin suficientes comprobaciones, lo que podr\\u00eda resultar en una deserializaci\\u00f3n arbitraria. Esto podr\\u00eda permitir a un atacante no autenticado ejecutar c\\u00f3digo en el sistema afectado si los puertos 32912/tcp o 32914/tcp son alcanzables\"}]",
      "id": "CVE-2022-29875",
      "lastModified": "2024-11-21T06:59:52.537",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-01T10:15:08.197",
      "references": "[{\"url\": \"https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-29875\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2022-06-01T10:15:08.197\",\"lastModified\":\"2024-11-21T06:59:52.537\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en los sistemas Biograph Horizon PET/CT (todas las versiones VJ30 anteriores a VJ30C-UD01), la familia MAGNETOM (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (todas las versiones VC20 anteriores a VC20D), NAEOTOM Alpha (todas las versiones VA40 anteriores a VA40 SP2), SOMATOM X. cite (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM X.creed (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.All (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Now (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Open Pro (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go. Sim (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Top (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go. Up (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), Symbia E/S (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia Evo (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia Intevo (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia T (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia. net (Todas las versiones VB22 anteriores a VB22A-UD03), syngo.via VB10 (Todas las versiones), syngo.via VB20 (Todas las versiones), syngo.via VB30 (Todas las versiones), syngo.via VB40 (Todas las versiones anteriores a VB40B HF06), syngo.via VB50 (Todas las versiones), syngo.via VB60 (Todas las versiones anteriores a VB60B HF02). La aplicaci\u00f3n deserializa datos no confiables sin suficientes comprobaciones, lo que podr\u00eda resultar en una deserializaci\u00f3n arbitraria. Esto podr\u00eda permitir a un atacante no autenticado ejecutar c\u00f3digo en el sistema afectado si los puertos 32912/tcp o 32914/tcp son alcanzables\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:biograph_horizon_pet\\\\/ct_systems_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vj30\",\"versionEndExcluding\":\"vj30c-ud01\",\"matchCriteriaId\":\"6F27370D-C680-4962-98E0-26B73BF68835\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:biograph_horizon_pet\\\\/ct_systems:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E12730-E162-4EB1-823F-ED32390F2985\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va10b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DD14BC-D734-4107-90F8-9E065200B385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va12m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71CB0F52-0B27-4249-AB10-C144DA10B4B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va12s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8947F537-AF6C-4C4A-8F0D-B77021F9E68A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va20a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2999C4D0-4DA1-4935-A7CF-8A9E6FD701A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va30a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1729042A-ACFC-4F57-BF7A-1C65640F1B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va31a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2E75225-D1BA-4D1B-AA3B-6EE9BCD8999B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:magnetom_numaris_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96E21BDE-7201-4C2D-BD2D-E4BB99CB5650\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:mammomat_revelation_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vc20\",\"versionEndExcluding\":\"vc20d\",\"matchCriteriaId\":\"333F8BB6-BCD4-406E-A597-220F334C5E3A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:mammomat_revelation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CD931BD-95B8-4F60-9BC6-5C18EE17A492\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:naeotom_alpha_firmware:va40:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"93E31753-21F6-40AD-92F8-2088200A761F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:naeotom_alpha:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8C3D642-2AE4-411D-BC1C-4A934AA48C2F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_x.cite_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"va30\",\"matchCriteriaId\":\"735363E0-944D-462A-91AA-4704FCE64CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_x.cite_firmware:va30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6BB9B4-545F-4F95-9DDF-13DB45743087\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_x.cite_firmware:va40:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0527C89B-83CA-4246-8D64-EA473896952F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:somatom_x.cite:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3C367EC-BC49-423D-933B-9DC048F7E78A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_x.creed_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"va30\",\"matchCriteriaId\":\"73FB1566-BFBE-499B-95F1-4487EEF39B29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_x.creed_firmware:va30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A07B2EBF-6088-42FE-BA9D-ED9081F7DE59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_x.creed_firmware:va40:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D203CB63-2B3B-4BD4-BAAA-8E3F6666058F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:somatom_x.creed:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A41CF532-3BA4-4C1F-AA78-D2F980269D76\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.all_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"va30\",\"matchCriteriaId\":\"328E32A0-325F-4E45-92AD-2D260FE05395\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.all_firmware:va30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BD3C0CD-E5AB-4C4F-9051-78CDF6A2FBFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.all_firmware:va40:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B28D986B-38EC-4E24-B93B-EA366F41DC00\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:somatom_go.all:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DBAA30D-8DC7-447B-9652-41DF91F1492F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.now_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"va30\",\"matchCriteriaId\":\"34A4BA0F-96D7-492A-A5E1-AE8F32BA0D35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.now_firmware:va30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D978838-E6E0-4165-9654-86A21EBB0B62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.now_firmware:va40:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE59DDD8-85E1-4F81-9F37-74DE10457FBC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:somatom_go.now:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7546A052-9C3E-4633-BD80-FF6184C2F32B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.open_pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"va30\",\"matchCriteriaId\":\"8B228177-4BBA-4487-831A-47538FD649AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.open_pro_firmware:va30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0331A134-AA24-4EE5-86E6-9CAF7647BC91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.open_pro_firmware:va40:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5525AF01-B51A-4911-BFD6-98092AE95D5B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:somatom_go.open_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"111A83AD-94F0-40C1-BECA-08E00D611843\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.sim_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"va30\",\"matchCriteriaId\":\"2E333993-B218-42FD-9D5F-D0ECEB9D76E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.sim_firmware:va30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"54C1D98B-4273-4284-BC99-8A905B5A8509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.sim_firmware:va40:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"63C56A23-976F-4A97-82C8-CAEDFD37BE32\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:somatom_go.sim:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AE10779-276C-4051-A128-3A009F4143F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.up_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"va30\",\"matchCriteriaId\":\"951B855E-0D86-4D21-B1E6-35404828EC63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.up_firmware:va30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"18C0CA67-79D4-41D4-9669-E36766BE07EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:somatom_go.up_firmware:va40:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"85809BBF-667A-4847-B09E-8BBFB3664467\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:somatom_go.up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0A687DA-B4C4-49CF-BC9A-8D002646A1DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:symbia_e_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vb22\",\"versionEndExcluding\":\"vb22a-ud03\",\"matchCriteriaId\":\"6BD95A1D-DA8B-4955-98B4-54E84346D04B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:symbia_e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8346C32-3CF9-4D67-AB01-421DA9715131\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:symbia_s_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vb22\",\"versionEndExcluding\":\"vb22a-ud03\",\"matchCriteriaId\":\"99D8FD3E-CE88-4608-BE5F-19B1D45D213A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:symbia_s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1396FD8-B019-4FBD-9196-7177916B9982\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:symbia_evo_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vb22\",\"versionEndExcluding\":\"vb22a-ud03\",\"matchCriteriaId\":\"24079DE0-17B4-4B00-B983-6F66A66B85C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:symbia_evo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C7E3B6-678A-4F8E-91E0-DD9A416CCF6E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:symbia_intevo_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vb22\",\"versionEndExcluding\":\"vb22a-ud03\",\"matchCriteriaId\":\"6A4183D3-72FC-4638-B39F-517F23147460\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:symbia_intevo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65CDCBF5-AA64-4192-ACBC-5C72B8CDE92F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:symbia_t_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vb22\",\"versionEndExcluding\":\"vb22a-ud03\",\"matchCriteriaId\":\"425B31A9-61FD-4888-9602-2D1BDDC6F141\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:symbia_t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8029BBD1-26AC-46A7-9739-93B7D69DAD17\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:symbia.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vb22\",\"versionEndIncluding\":\"vb22a-ud03\",\"matchCriteriaId\":\"F3BCDD49-2215-4E9A-9340-48ED0152BC48\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:syngo.via:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vb40\",\"versionEndExcluding\":\"vb40b\",\"matchCriteriaId\":\"AF5B8334-DD9B-4094-88E6-18F26584E204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:syngo.via:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"vb60\",\"versionEndExcluding\":\"vb60b\",\"matchCriteriaId\":\"DA1C328A-298E-43C4-A446-87DC4C2628D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:syngo.via:vb10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3024E14-7F2D-437F-ABAF-8DC75D3CBEC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:syngo.via:vb20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC558658-5A6F-4397-9A84-62485C9C453F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:syngo.via:vb30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3F610A-254D-4BEF-B8DA-C64E66630D1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:syngo.via:vb40b:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5765F-D91F-4D2C-BB5C-709A4F7DE5A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:syngo.via:vb50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E9AB3F5-75FE-4541-877F-FA5AFF24901C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:syngo.via:vb60b:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1204CB31-5663-4F4A-B544-F8592304E1B9\"}]}]}],\"references\":[{\"url\":\"https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2022-29875

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-29875

Aliases

CVE-2022-29875

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-29875",
    "description": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.",
    "id": "GSD-2022-29875"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-29875"
      ],
      "details": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.",
      "id": "GSD-2022-29875",
      "modified": "2023-12-13T01:19:42.309803Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2022-29875",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Biograph Horizon PET/CT Systems",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All VJ30 versions \u003c VJ30C-UD01"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MAGNETOM Family",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MAMMOMAT Revelation",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All VC20 versions \u003c VC20D"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "NAEOTOM Alpha",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All VA40 versions \u003c VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SOMATOM X.cite",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SOMATOM X.creed",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SOMATOM go.All",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SOMATOM go.Now",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SOMATOM go.Open Pro",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SOMATOM go.Sim",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SOMATOM go.Top",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SOMATOM go.Up",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Symbia E/S",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All VB22 versions \u003c VB22A-UD03"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Symbia Evo",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All VB22 versions \u003c VB22A-UD03"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Symbia Intevo",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All VB22 versions \u003c VB22A-UD03"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Symbia T",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All VB22 versions \u003c VB22A-UD03"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Symbia.net",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All VB22 versions \u003c VB22A-UD03"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "syngo.via VB10",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "syngo.via VB20",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "syngo.via VB30",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "syngo.via VB40",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VB40B HF06"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "syngo.via VB50",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "syngo.via VB60",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c VB60B HF02"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-502: Deserialization of Untrusted Data"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016",
            "refsource": "MISC",
            "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:biograph_horizon_pet\\/ct_systems_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vj30c-ud01",
                    "versionStartIncluding": "vj30",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:biograph_horizon_pet\\/ct_systems:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va12m:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va12s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va10b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va20a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va30a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va31a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:magnetom_numaris_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:mammomat_revelation_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vc20d",
                    "versionStartIncluding": "vc20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:mammomat_revelation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:naeotom_alpha_firmware:va40:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:naeotom_alpha:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_x.cite_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "va30",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_x.cite_firmware:va30:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_x.cite_firmware:va40:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:somatom_x.cite:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_x.creed_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "va30",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_x.creed_firmware:va30:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_x.creed_firmware:va40:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:somatom_x.creed:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.all_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "va30",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.all_firmware:va30:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.all_firmware:va40:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:somatom_go.all:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.now_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "va30",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.now_firmware:va30:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.now_firmware:va40:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:somatom_go.now:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.open_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "va30",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.open_pro_firmware:va30:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.open_pro_firmware:va40:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:somatom_go.open_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.sim_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "va30",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.sim_firmware:va30:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.sim_firmware:va40:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:somatom_go.sim:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.up_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "va30",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.up_firmware:va30:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:somatom_go.up_firmware:va40:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:somatom_go.up:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:symbia_e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vb22a-ud03",
                    "versionStartIncluding": "vb22",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:symbia_e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:symbia_s_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vb22a-ud03",
                    "versionStartIncluding": "vb22",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:symbia_s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:symbia_evo_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vb22a-ud03",
                    "versionStartIncluding": "vb22",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:symbia_evo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:symbia_intevo_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vb22a-ud03",
                    "versionStartIncluding": "vb22",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:symbia_intevo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:symbia_t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vb22a-ud03",
                    "versionStartIncluding": "vb22",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:symbia_t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:symbia.net:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "vb22a-ud03",
                "versionStartIncluding": "vb22",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:syngo.via:vb10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:syngo.via:vb20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:syngo.via:vb30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:syngo.via:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "vb40b",
                "versionStartIncluding": "vb40",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:syngo.via:vb40b:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:syngo.via:vb60b:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:syngo.via:vb50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:syngo.via:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "vb60b",
                "versionStartIncluding": "vb60",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2022-29875"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-11T00:45Z",
      "publishedDate": "2022-06-01T10:15Z"
    }
  }
}

FKIE_CVE-2022-29875

Vulnerability from fkie_nvd - Published: 2022-06-01 10:15 - Updated: 2024-11-21 06:59

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	biograph_horizon_pet\/ct_systems_firmware	*
siemens	biograph_horizon_pet\/ct_systems	-
siemens	magnetom_numaris_x_firmware	va10b
siemens	magnetom_numaris_x_firmware	va12m
siemens	magnetom_numaris_x_firmware	va12s
siemens	magnetom_numaris_x_firmware	va20a
siemens	magnetom_numaris_x_firmware	va30a
siemens	magnetom_numaris_x_firmware	va31a
siemens	magnetom_numaris_x	-
siemens	mammomat_revelation_firmware	*
siemens	mammomat_revelation	-
siemens	naeotom_alpha_firmware	va40
siemens	naeotom_alpha	-
siemens	somatom_x.cite_firmware	*
siemens	somatom_x.cite_firmware	va30
siemens	somatom_x.cite_firmware	va40
siemens	somatom_x.cite	-
siemens	somatom_x.creed_firmware	*
siemens	somatom_x.creed_firmware	va30
siemens	somatom_x.creed_firmware	va40
siemens	somatom_x.creed	-
siemens	somatom_go.all_firmware	*
siemens	somatom_go.all_firmware	va30
siemens	somatom_go.all_firmware	va40
siemens	somatom_go.all	-
siemens	somatom_go.now_firmware	*
siemens	somatom_go.now_firmware	va30
siemens	somatom_go.now_firmware	va40
siemens	somatom_go.now	-
siemens	somatom_go.open_pro_firmware	*
siemens	somatom_go.open_pro_firmware	va30
siemens	somatom_go.open_pro_firmware	va40
siemens	somatom_go.open_pro	-
siemens	somatom_go.sim_firmware	*
siemens	somatom_go.sim_firmware	va30
siemens	somatom_go.sim_firmware	va40
siemens	somatom_go.sim	-
siemens	somatom_go.up_firmware	*
siemens	somatom_go.up_firmware	va30
siemens	somatom_go.up_firmware	va40
siemens	somatom_go.up	-
siemens	symbia_e_firmware	*
siemens	symbia_e	-
siemens	symbia_s_firmware	*
siemens	symbia_s	-
siemens	symbia_evo_firmware	*
siemens	symbia_evo	-
siemens	symbia_intevo_firmware	*
siemens	symbia_intevo	-
siemens	symbia_t_firmware	*
siemens	symbia_t	-
siemens	symbia.net	*
siemens	syngo.via	*
siemens	syngo.via	*
siemens	syngo.via	vb10
siemens	syngo.via	vb20
siemens	syngo.via	vb30
siemens	syngo.via	vb40b
siemens	syngo.via	vb50
siemens	syngo.via	vb60b

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:biograph_horizon_pet\\/ct_systems_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F27370D-C680-4962-98E0-26B73BF68835",
              "versionEndExcluding": "vj30c-ud01",
              "versionStartIncluding": "vj30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:biograph_horizon_pet\\/ct_systems:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E12730-E162-4EB1-823F-ED32390F2985",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va10b:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DD14BC-D734-4107-90F8-9E065200B385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va12m:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CB0F52-0B27-4249-AB10-C144DA10B4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va12s:*:*:*:*:*:*:*",
              "matchCriteriaId": "8947F537-AF6C-4C4A-8F0D-B77021F9E68A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2999C4D0-4DA1-4935-A7CF-8A9E6FD701A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va30a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1729042A-ACFC-4F57-BF7A-1C65640F1B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:magnetom_numaris_x_firmware:va31a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E75225-D1BA-4D1B-AA3B-6EE9BCD8999B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:magnetom_numaris_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E21BDE-7201-4C2D-BD2D-E4BB99CB5650",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:mammomat_revelation_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "333F8BB6-BCD4-406E-A597-220F334C5E3A",
              "versionEndExcluding": "vc20d",
              "versionStartIncluding": "vc20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:mammomat_revelation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CD931BD-95B8-4F60-9BC6-5C18EE17A492",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:naeotom_alpha_firmware:va40:-:*:*:*:*:*:*",
              "matchCriteriaId": "93E31753-21F6-40AD-92F8-2088200A761F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:naeotom_alpha:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C3D642-2AE4-411D-BC1C-4A934AA48C2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:somatom_x.cite_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "735363E0-944D-462A-91AA-4704FCE64CF8",
              "versionEndExcluding": "va30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_x.cite_firmware:va30:-:*:*:*:*:*:*",
              "matchCriteriaId": "0A6BB9B4-545F-4F95-9DDF-13DB45743087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_x.cite_firmware:va40:-:*:*:*:*:*:*",
              "matchCriteriaId": "0527C89B-83CA-4246-8D64-EA473896952F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:somatom_x.cite:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C367EC-BC49-423D-933B-9DC048F7E78A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:somatom_x.creed_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FB1566-BFBE-499B-95F1-4487EEF39B29",
              "versionEndExcluding": "va30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_x.creed_firmware:va30:-:*:*:*:*:*:*",
              "matchCriteriaId": "A07B2EBF-6088-42FE-BA9D-ED9081F7DE59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_x.creed_firmware:va40:-:*:*:*:*:*:*",
              "matchCriteriaId": "D203CB63-2B3B-4BD4-BAAA-8E3F6666058F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:somatom_x.creed:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41CF532-3BA4-4C1F-AA78-D2F980269D76",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.all_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "328E32A0-325F-4E45-92AD-2D260FE05395",
              "versionEndExcluding": "va30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.all_firmware:va30:-:*:*:*:*:*:*",
              "matchCriteriaId": "5BD3C0CD-E5AB-4C4F-9051-78CDF6A2FBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.all_firmware:va40:-:*:*:*:*:*:*",
              "matchCriteriaId": "B28D986B-38EC-4E24-B93B-EA366F41DC00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:somatom_go.all:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DBAA30D-8DC7-447B-9652-41DF91F1492F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.now_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34A4BA0F-96D7-492A-A5E1-AE8F32BA0D35",
              "versionEndExcluding": "va30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.now_firmware:va30:-:*:*:*:*:*:*",
              "matchCriteriaId": "8D978838-E6E0-4165-9654-86A21EBB0B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.now_firmware:va40:-:*:*:*:*:*:*",
              "matchCriteriaId": "BE59DDD8-85E1-4F81-9F37-74DE10457FBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:somatom_go.now:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7546A052-9C3E-4633-BD80-FF6184C2F32B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.open_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B228177-4BBA-4487-831A-47538FD649AB",
              "versionEndExcluding": "va30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.open_pro_firmware:va30:-:*:*:*:*:*:*",
              "matchCriteriaId": "0331A134-AA24-4EE5-86E6-9CAF7647BC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.open_pro_firmware:va40:-:*:*:*:*:*:*",
              "matchCriteriaId": "5525AF01-B51A-4911-BFD6-98092AE95D5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:somatom_go.open_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "111A83AD-94F0-40C1-BECA-08E00D611843",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.sim_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E333993-B218-42FD-9D5F-D0ECEB9D76E8",
              "versionEndExcluding": "va30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.sim_firmware:va30:-:*:*:*:*:*:*",
              "matchCriteriaId": "54C1D98B-4273-4284-BC99-8A905B5A8509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.sim_firmware:va40:-:*:*:*:*:*:*",
              "matchCriteriaId": "63C56A23-976F-4A97-82C8-CAEDFD37BE32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:somatom_go.sim:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE10779-276C-4051-A128-3A009F4143F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.up_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "951B855E-0D86-4D21-B1E6-35404828EC63",
              "versionEndExcluding": "va30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.up_firmware:va30:-:*:*:*:*:*:*",
              "matchCriteriaId": "18C0CA67-79D4-41D4-9669-E36766BE07EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:somatom_go.up_firmware:va40:-:*:*:*:*:*:*",
              "matchCriteriaId": "85809BBF-667A-4847-B09E-8BBFB3664467",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:somatom_go.up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0A687DA-B4C4-49CF-BC9A-8D002646A1DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:symbia_e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD95A1D-DA8B-4955-98B4-54E84346D04B",
              "versionEndExcluding": "vb22a-ud03",
              "versionStartIncluding": "vb22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:symbia_e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8346C32-3CF9-4D67-AB01-421DA9715131",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:symbia_s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99D8FD3E-CE88-4608-BE5F-19B1D45D213A",
              "versionEndExcluding": "vb22a-ud03",
              "versionStartIncluding": "vb22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:symbia_s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1396FD8-B019-4FBD-9196-7177916B9982",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:symbia_evo_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24079DE0-17B4-4B00-B983-6F66A66B85C0",
              "versionEndExcluding": "vb22a-ud03",
              "versionStartIncluding": "vb22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:symbia_evo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C7E3B6-678A-4F8E-91E0-DD9A416CCF6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:symbia_intevo_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4183D3-72FC-4638-B39F-517F23147460",
              "versionEndExcluding": "vb22a-ud03",
              "versionStartIncluding": "vb22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:symbia_intevo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65CDCBF5-AA64-4192-ACBC-5C72B8CDE92F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:symbia_t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "425B31A9-61FD-4888-9602-2D1BDDC6F141",
              "versionEndExcluding": "vb22a-ud03",
              "versionStartIncluding": "vb22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:symbia_t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8029BBD1-26AC-46A7-9739-93B7D69DAD17",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:symbia.net:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BCDD49-2215-4E9A-9340-48ED0152BC48",
              "versionEndIncluding": "vb22a-ud03",
              "versionStartIncluding": "vb22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:syngo.via:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5B8334-DD9B-4094-88E6-18F26584E204",
              "versionEndExcluding": "vb40b",
              "versionStartIncluding": "vb40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:syngo.via:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1C328A-298E-43C4-A446-87DC4C2628D3",
              "versionEndExcluding": "vb60b",
              "versionStartIncluding": "vb60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:syngo.via:vb10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3024E14-7F2D-437F-ABAF-8DC75D3CBEC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:syngo.via:vb20:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC558658-5A6F-4397-9A84-62485C9C453F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:syngo.via:vb30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3F610A-254D-4BEF-B8DA-C64E66630D1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:syngo.via:vb40b:-:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5765F-D91F-4D2C-BB5C-709A4F7DE5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:syngo.via:vb50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AB3F5-75FE-4541-877F-FA5AFF24901C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:syngo.via:vb60b:-:*:*:*:*:*:*",
              "matchCriteriaId": "1204CB31-5663-4F4A-B544-F8592304E1B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en los sistemas Biograph Horizon PET/CT (todas las versiones VJ30 anteriores a VJ30C-UD01), la familia MAGNETOM (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (todas las versiones VC20 anteriores a VC20D), NAEOTOM Alpha (todas las versiones VA40 anteriores a VA40 SP2), SOMATOM X. cite (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM X.creed (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.All (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Now (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Open Pro (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go. Sim (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go.Top (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), SOMATOM go. Up (Todas las versiones anteriores a VA30 SP5 o VA40 SP2), Symbia E/S (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia Evo (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia Intevo (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia T (Todas las versiones VB22 anteriores a VB22A-UD03), Symbia. net (Todas las versiones VB22 anteriores a VB22A-UD03), syngo.via VB10 (Todas las versiones), syngo.via VB20 (Todas las versiones), syngo.via VB30 (Todas las versiones), syngo.via VB40 (Todas las versiones anteriores a VB40B HF06), syngo.via VB50 (Todas las versiones), syngo.via VB60 (Todas las versiones anteriores a VB60B HF02). La aplicaci\u00f3n deserializa datos no confiables sin suficientes comprobaciones, lo que podr\u00eda resultar en una deserializaci\u00f3n arbitraria. Esto podr\u00eda permitir a un atacante no autenticado ejecutar c\u00f3digo en el sistema afectado si los puertos 32912/tcp o 32914/tcp son alcanzables"
    }
  ],
  "id": "CVE-2022-29875",
  "lastModified": "2024-11-21T06:59:52.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-01T10:15:08.197",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-QQ72-778Q-MWMX

Vulnerability from github – Published: 2022-06-02 00:00 – Updated: 2022-06-12 00:00

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-29875"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-01T10:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.",
  "id": "GHSA-qq72-778q-mwmx",
  "modified": "2022-06-12T00:00:47Z",
  "published": "2022-06-02T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29875"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-29875 (GCVE-0-2022-29875)

GSD-2022-29875

FKIE_CVE-2022-29875

GHSA-QQ72-778Q-MWMX

Tags

Sightings

Nomenclature