CVE & CISA-KEV Catalog

CVE-2022-29875

CRITICALEPSS 73th pctl
9.8
CVSS v3
NVD

Description

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

How to fix

Remediation Available
biograph horizon pet\/ct systems firmwareNVD
Affected:>= vj30, < vj30c-ud01Fixed in:vj30c-ud01CVE-2022-29875derived from NVD
mammomat revelation firmwareNVD
Affected:>= vc20, < vc20dFixed in:vc20dCVE-2022-29875derived from NVD
somatom go.all firmwareNVD
Affected:< va30Fixed in:va30CVE-2022-29875derived from NVD
somatom go.now firmwareNVD
Affected:< va30Fixed in:va30CVE-2022-29875derived from NVD
somatom go.open pro firmwareNVD
Affected:< va30Fixed in:va30CVE-2022-29875derived from NVD
somatom go.sim firmwareNVD
Affected:< va30Fixed in:va30CVE-2022-29875derived from NVD
somatom go.up firmwareNVD
Affected:< va30Fixed in:va30CVE-2022-29875derived from NVD
somatom x.cite firmwareNVD
Affected:< va30Fixed in:va30CVE-2022-29875derived from NVD
somatom x.creed firmwareNVD
Affected:< va30Fixed in:va30CVE-2022-29875derived from NVD
symbia e firmwareNVD
Affected:>= vb22, < vb22a-ud03Fixed in:vb22a-ud03CVE-2022-29875derived from NVD
symbia evo firmwareNVD
Affected:>= vb22, < vb22a-ud03Fixed in:vb22a-ud03CVE-2022-29875derived from NVD
symbia intevo firmwareNVD
Affected:>= vb22, < vb22a-ud03Fixed in:vb22a-ud03CVE-2022-29875derived from NVD
symbia s firmwareNVD
Affected:>= vb22, < vb22a-ud03Fixed in:vb22a-ud03CVE-2022-29875derived from NVD
symbia t firmwareNVD
Affected:>= vb22, < vb22a-ud03Fixed in:vb22a-ud03CVE-2022-29875derived from NVD
syngo.viaNVD
Affected:>= vb60, < vb60bFixed in:vb60bCVE-2022-29875derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

1.63%probability of exploitation in 30 days
73rdpercentile

Elevated risk: more likely to be exploited than 73% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-502 (Deserialization of Untrusted Data) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-0669High7.2100%KEV + RansomFix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2021-35464Critical9.8100%KEV + RansomFix
CVE-2023-29300Critical9.8100%KEV + Ransom-
CVE-2025-53770Critical9.8100%KEV + RansomFix
CVE-2022-47986Critical9.8100%KEV + Ransom-
Embed a live status badge for CVE-2022-29875
CVE-2022-29875 severity badge

Markdown

[![CVE-2022-29875](https://tridentstack.com/cve/badge/CVE-2022-29875.svg)](https://tridentstack.com/cve/CVE-2022-29875)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-29875"><img src="https://tridentstack.com/cve/badge/CVE-2022-29875.svg" alt="CVE-2022-29875"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.