PT-2022-19891 · Siemens · Somatom X.Cite +17

Published: 2022-06-01 · Updated: 2022-06-11 · CVE-2022-29875

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Biograph Horizon PET/CT Systems versions VJ30 through VJ30C-UD01
MAGNETOM Family versions VA10B through VA31A
MAMMOMAT Revelation versions VC20 through VC20D
NAEOTOM Alpha versions VA40 through VA40 SP2
SOMATOM X.cite versions prior to VA30 SP5 or VA40 SP2
SOMATOM X.creed versions prior to VA30 SP5 or VA40 SP2
SOMATOM go.All versions prior to VA30 SP5 or VA40 SP2
SOMATOM go.Now versions prior to VA30 SP5 or VA40 SP2
SOMATOM go.Open Pro versions prior to VA30 SP5 or VA40 SP2
SOMATOM go.Sim versions prior to VA30 SP5 or VA40 SP2
SOMATOM go.Top versions prior to VA30 SP5 or VA40 SP2
SOMATOM go.Up versions prior to VA30 SP5 or VA40 SP2
Symbia E/S versions VB22 through VB22A-UD03
Symbia Evo versions VB22 through VB22A-UD03
Symbia Intevo versions VB22 through VB22A-UD03
Symbia T versions VB22 through VB22A-UD03
Symbia.net versions VB22 through VB22A-UD03
syngo.via VB10, all versions
syngo.via VB20, all versions
syngo.via VB30, all versions
syngo.via VB40 versions prior to VB40B HF06
syngo.via VB50, all versions
syngo.via VB60 versions prior to VB60B HF02

Description

The application deserialises untrusted data without sufficient validation, which could result in arbitrary deserialization. This could allow an unauthenticated attacker to execute code on the affected system if ports 32912/tcp or 32914/tcp are reachable.

Recommendations

For Biograph Horizon PET/CT Systems versions VJ30 through VJ30C-UD01, update to version VJ30C-UD01 or later.
For MAGNETOM Family versions VA10B through VA31A, update to a version later than VA31A.
For MAMMOMAT Revelation versions VC20 through VC20D, update to version VC20D or later.
For NAEOTOM Alpha versions VA40 through VA40 SP2, update to version VA40 SP2 or later.
For SOMATOM X.cite, SOMATOM X.creed, SOMATOM go.All, SOMATOM go.Now, SOMATOM go.Open Pro, SOMATOM go.Sim, SOMATOM go.Top, SOMATOM go.Up, update to versions VA30 SP5 or VA40 SP2 or later.
For Symbia E/S, Symbia Evo, Symbia Intevo, Symbia T, Symbia.net versions VB22 through VB22A-UD03, update to version VB22A-UD03 or later.
For syngo.via VB10, VB20, VB50, there is no information about a newer version that contains a fix for this vulnerability.
For syngo.via VB40 versions prior to VB40B HF06, update to version VB40B HF06 or later.
For syngo.via VB60 versions prior to VB60B HF02, update to version VB60B HF02 or later.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2022-29875

Affected Products

Biograph Horizon Pet/Ct Systems
Magnetom Family
Mammomat Revelation
Naeotom Alpha
Somatom X.Cite
Somatom X.Creed
Somatom Go.All
Somatom Go.Now
Somatom Go.Open Pro
Somatom Go.Sim
Somatom Go.Top
Somatom Go.Up
Symbia E/S
Symbia Evo
Symbia Intevo
Symbia T
Symbia.Net
Syngo.Via