VYPR
Unrated severityNVD Advisory· Published Jun 1, 2022· Updated Aug 3, 2024

CVE-2022-29875

CVE-2022-29875

Description

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

26
  • Range: NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A
  • Range: < VC20D
  • Siemens/Biograph Horizon PET/CT Systemsv5
    Range: All VJ30 versions < VJ30C-UD01
  • Siemens/MAGNETOM Familyv5
    Range: NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A
  • Siemens/MAMMOMAT Revelationv5
    Range: All VC20 versions < VC20D
  • Siemens/NAEOTOM Alphav5
    Range: All VA40 versions < VA40 SP2
  • Siemens/SOMATOM go.Allv5
    Range: All versions < VA30 SP5 or VA40 SP2
  • Siemens/SOMATOM go.Nowv5
    Range: All versions < VA30 SP5 or VA40 SP2
  • Siemens/SOMATOM go.Open Prov5
    Range: All versions < VA30 SP5 or VA40 SP2
  • Siemens/SOMATOM go.Simv5
    Range: All versions < VA30 SP5 or VA40 SP2
  • Siemens/SOMATOM go.Topv5
    Range: All versions < VA30 SP5 or VA40 SP2
  • Siemens/SOMATOM go.Upv5
    Range: All versions < VA30 SP5 or VA40 SP2
  • Siemens/SOMATOM X.citev5
    Range: All versions < VA30 SP5 or VA40 SP2
  • Siemens/SOMATOM X.creedv5
    Range: All versions < VA30 SP5 or VA40 SP2
  • Siemens/Symbia E/Sv5
    Range: All VB22 versions < VB22A-UD03
  • Siemens/Symbia Evov5
    Range: All VB22 versions < VB22A-UD03
  • Siemens/Symbia Intevov5
    Range: All VB22 versions < VB22A-UD03
  • Siemens/Symbia.netv5
    Range: All VB22 versions < VB22A-UD03
  • Siemens/Symbia Tv5
    Range: All VB22 versions < VB22A-UD03
  • Siemens/syngo.via VB10v5
    Range: All versions
  • Siemens/syngo.via VB20v5
    Range: All versions
  • Siemens/syngo.via VB30v5
    Range: All versions
  • Siemens/syngo.via VB40v5
    Range: All versions < VB40B HF06
  • Siemens/syngo.via VB50v5
    Range: All versions
  • Siemens/syngo.via VB60v5
    Range: All versions < VB60B HF02

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.