CVE-2022-42894

Published: Nov 17, 2022Modified: Apr 30, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.

Affected (1)

Products: Siemens: Syngo Dynamics Cardiovascular Imaging And Information System

1 product

Syngo Dynamics Cardiovascular Imaging And Information System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Syngo Dynamics Cardiovascular Imaging And Information System	Before va40g_hf01

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697

Source: productcert@siemens.com

Vendor Advisory

https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.