Vulnerability in syngo.plaza VB30E Allows Execution of Malicious SQL Commands

CVE-2024-52335

9.8CRITICAL

Key Information

Vendor: Siemens
Status: Syngo.plaza Vb30e
Vendor: CVE Published:; 6 December 2024

Summary

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.

Affected Version(s)

syngo.plaza VB30E < 0

Refferences

https://www.siemens-healthineers.com/en-us/support-docume...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 8, 2024

Collectors

NVD DatabaseMitre Database