CVE-2022-29875: CVE-2022-29875

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-29875

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

可信数据的反序列化

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款Siemens 产品代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Siemens Healthineers syngo是德国西门子（Siemens）公司的一个用于医疗的通用成像软件。用于2D，3D 和 4D 读取和高级可视化。 Siemens Healthineers 多款产品存在安全漏洞，该漏洞源于存在反序列化问题。未经身份验证的攻击者在某些情况下可以进行远程代码执行。以下产品及版本受到影响：Biograph Horizon PET/CT Systems VJ30C-UD01 版本之前所有的 VJ30 版本；MAGNETOM Family NUMARIS X VA12

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Siemens	Biograph Horizon PET/CT Systems	All VJ30 versions < VJ30C-UD01	-
Siemens	MAGNETOM Family	NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A	-
Siemens	MAMMOMAT Revelation	All VC20 versions < VC20D	-
Siemens	NAEOTOM Alpha	All VA40 versions < VA40 SP2	-
Siemens	SOMATOM X.cite	All versions < VA30 SP5 or VA40 SP2	-
Siemens	SOMATOM X.creed	All versions < VA30 SP5 or VA40 SP2	-
Siemens	SOMATOM go.All	All versions < VA30 SP5 or VA40 SP2	-
Siemens	SOMATOM go.Now	All versions < VA30 SP5 or VA40 SP2	-
Siemens	SOMATOM go.Open Pro	All versions < VA30 SP5 or VA40 SP2	-
Siemens	SOMATOM go.Sim	All versions < VA30 SP5 or VA40 SP2	-
Siemens	SOMATOM go.Top	All versions < VA30 SP5 or VA40 SP2	-
Siemens	SOMATOM go.Up	All versions < VA30 SP5 or VA40 SP2	-
Siemens	Symbia E/S	All VB22 versions < VB22A-UD03	-
Siemens	Symbia Evo	All VB22 versions < VB22A-UD03	-
Siemens	Symbia Intevo	All VB22 versions < VB22A-UD03	-
Siemens	Symbia T	All VB22 versions < VB22A-UD03	-
Siemens	Symbia.net	All VB22 versions < VB22A-UD03	-
Siemens	syngo.via VB10	All versions	-
Siemens	syngo.via VB20	All versions	-
Siemens	syngo.via VB30	All versions	-
Siemens	syngo.via VB40	All versions < VB40B HF06	-
Siemens	syngo.via VB50	All versions	-
Siemens	syngo.via VB60	All versions < VB60B HF02	-

II. Public POCs for CVE-2022-29875

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-29875

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: Siemens

Same weakness: CWE-502

V. Comments for CVE-2022-29875

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-29875

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-29875

III. Intelligence Information for CVE-2022-29875

IV. Related Vulnerabilities

V. Comments for CVE-2022-29875

Leave a comment