Server-Side Request Forgery Vulnerability in syngo Dynamics by Siemens Healthineers
CVE-2022-42894

7.5HIGH

Key Information:

Vendor: Siemens
Status: Syngo Dynamics
Vendor: CVE Published:; 17 November 2022

What is CVE-2022-42894?

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability has been found in the syngo Dynamics application, which impacts all versions prior to VA40G HF01. This vulnerability allows attackers to exploit web services, leading to the potential leak of NTLM credentials and local service enumeration. Organizations using the affected version of syngo Dynamics should take immediate action to mitigate this risk.

Affected Version(s)

syngo Dynamics All versions < VA40G HF01

References

https://www.siemens-healthineers.com/en-us/support-docume...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2022
Vulnerability Reserved
Oct 12, 2022