Code Execution Vulnerability in Siemens Healthineers Syngo FastView
CVE-2021-45465

7.8HIGH

Key Information:

Vendor: Siemens
Status: Syngo Fastview
Vendor: CVE Published:; 4 January 2024

Summary

A security vulnerability exists in Syngo FastView, where the application fails to properly validate user-supplied data while parsing BMP files. This deficiency can create a write-what-where condition that attackers may exploit to execute arbitrary code within the context of the affected process. The vulnerability poses significant security risks, especially in environments relying on precise imaging solutions, making it crucial for users to assess their risk and apply any available mitigations.

Affected Version(s)

syngo fastView All versions

References

https://www.siemens-healthineers.com/en-us/support-docume...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2024
Vulnerability Reserved
Dec 23, 2021