CVE-2022-29875

Summary

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Affected Software

VendorProductVersion RangeStatus
SiemensBiograph Horizon PET/CT SystemsAll VJ30 versions < VJ30C-UD01affected
SiemensMAGNETOM FamilyNUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31Aaffected
SiemensMAMMOMAT RevelationAll VC20 versions < VC20Daffected
SiemensNAEOTOM AlphaAll VA40 versions < VA40 SP2affected
SiemensSOMATOM X.citeAll versions < VA30 SP5 or VA40 SP2affected
SiemensSOMATOM X.creedAll versions < VA30 SP5 or VA40 SP2affected
SiemensSOMATOM go.AllAll versions < VA30 SP5 or VA40 SP2affected
SiemensSOMATOM go.NowAll versions < VA30 SP5 or VA40 SP2affected
SiemensSOMATOM go.Open ProAll versions < VA30 SP5 or VA40 SP2affected
SiemensSOMATOM go.SimAll versions < VA30 SP5 or VA40 SP2affected
SiemensSOMATOM go.TopAll versions < VA30 SP5 or VA40 SP2affected
SiemensSOMATOM go.UpAll versions < VA30 SP5 or VA40 SP2affected
SiemensSymbia E/SAll VB22 versions < VB22A-UD03affected
SiemensSymbia EvoAll VB22 versions < VB22A-UD03affected
SiemensSymbia IntevoAll VB22 versions < VB22A-UD03affected
SiemensSymbia TAll VB22 versions < VB22A-UD03affected
SiemensSymbia.netAll VB22 versions < VB22A-UD03affected
Siemenssyngo.via VB10All versionsaffected
Siemenssyngo.via VB20All versionsaffected
Siemenssyngo.via VB30All versionsaffected
Siemenssyngo.via VB40All versions < VB40B HF06affected
Siemenssyngo.via VB50All versionsaffected
Siemenssyngo.via VB60All versions < VB60B HF02affected

Weaknesses

  • CWE-502: CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

References