cbcvebase.
CVE-2022-29875
published 2022-06-01

CVE-2022-29875: A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.63%
73.2th percentile
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Affected

67 ranges· showing 25
VendorProductVersion rangeFixed in
siemensbiograph_horizon_pet_ct_systems
siemensbiograph_horizon_pet_ct_systems_firmware>= vj30 < vj30c-ud01vj30c-ud01
siemensmagnetom_family
siemensmagnetom_numaris_x_firmware
siemensmagnetom_numaris_x_firmware
siemensmagnetom_numaris_x_firmware
siemensmagnetom_numaris_x_firmware
siemensmagnetom_numaris_x_firmware
siemensmagnetom_numaris_x_firmware
siemensmammomat_revelation
siemensmammomat_revelation_firmware>= vc20 < vc20dvc20d
siemensnaeotom_alpha
siemensnaeotom_alpha_firmware
siemenssomatom_go.all
siemenssomatom_go.all_firmware< va30va30
siemenssomatom_go.all_firmware
siemenssomatom_go.all_firmware
siemenssomatom_go.now
siemenssomatom_go.now_firmware< va30va30
siemenssomatom_go.now_firmware
siemenssomatom_go.now_firmware
siemenssomatom_go.open_pro
siemenssomatom_go.open_pro_firmware< va30va30
siemenssomatom_go.open_pro_firmware
siemenssomatom_go.open_pro_firmware

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.