Vulnerability Description
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Biograph Horizon Pet\/Ct Systems Firmware | >= vj30, < vj30c-ud01 |
| Siemens | Biograph Horizon Pet\/Ct Systems | - |
| Siemens | Magnetom Numaris X Firmware | va10b |
| Siemens | Magnetom Numaris X | - |
| Siemens | Mammomat Revelation Firmware | >= vc20, < vc20d |
| Siemens | Mammomat Revelation | - |
| Siemens | Naeotom Alpha Firmware | va40 |
| Siemens | Naeotom Alpha | - |
| Siemens | Somatom X.Cite Firmware | < va30 |
| Siemens | Somatom X.Cite | - |
| Siemens | Somatom X.Creed Firmware | < va30 |
| Siemens | Somatom X.Creed | - |
| Siemens | Somatom Go.All Firmware | < va30 |
| Siemens | Somatom Go.All | - |
| Siemens | Somatom Go.Now Firmware | < va30 |
| Siemens | Somatom Go.Now | - |
| Siemens | Somatom Go.Open Pro Firmware | < va30 |
| Siemens | Somatom Go.Open Pro | - |
| Siemens | Somatom Go.Sim Firmware | < va30 |
| Siemens | Somatom Go.Sim | - |
Related Weaknesses (CWE)
References
- https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-45MitigationVendor Advisory
- https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-45MitigationVendor Advisory
FAQ
What is CVE-2022-29875?
CVE-2022-29875 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All...
How severe is CVE-2022-29875?
CVE-2022-29875 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-29875?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Biograph Horizon Pet\/Ct Systems Firmware, Siemens Biograph Horizon Pet\/Ct Systems, Siemens Magnetom Numaris X Firmware, Siemens Magnetom Numaris X, Siemens Mammomat Revelation Firmware.