Out-of-Bounds Write Vulnerability in Siemens Healthineers Syngo FastView Application
CVE-2021-42028

7.8HIGH

Key Information:

Vendor: Siemens
Status: Syngo Fastview
Vendor: CVE Published:; 4 January 2024

Summary

A critical security concern has emerged in Siemens Healthineers' Syngo FastView application, which affects all versions. The vulnerability is rooted in inadequate validation of user-supplied data during the parsing of BMP files. This flaw can lead to an out-of-bounds write scenario, creating an opportunity for attackers to execute arbitrary code within the context of the current process. The implications of this vulnerability warrant immediate attention from users to mitigate potential risks associated with unauthorized code execution.

Affected Version(s)

syngo fastView All versions

References

https://www.siemens-healthineers.com/en-us/support-docume...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2024
Vulnerability Reserved
Oct 6, 2021