Improper Read Access Control Vulnerability in Siemens Healthineers' syngo Dynamics Application
CVE-2022-42732
7.5 HIGH
Summary
An improper read access control vulnerability exists in the syngo Dynamics application server. A web service operation lacks adequate access restrictions, which could allow unauthorized retrieval of files from any folder accessible to the account the application runs under, exposing sensitive files and compromising data security. Users should update to version VA40G HF01 or later to mitigate this vulnerability.
Affected Version(s)
syngo Dynamics All versions < VA40G HF01
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved