CVE-2022-42892

Published: Nov 17, 2022Modified: Apr 30, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool.

Affected (1)

Products: Siemens: Syngo Dynamics Cardiovascular Imaging And Information System

1 product

Syngo Dynamics Cardiovascular Imaging And Information System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Syngo Dynamics Cardiovascular Imaging And Information System	Before va40g_hf01

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (2)

https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697

Source: productcert@siemens.com

Vendor Advisory

https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.