CVE-2022-29875: Siemens Healthineers Security Advisory
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validation, which could result in arbitrary deserialization. This could allow an unauthenticated attacker to execute code on the affected system if ports 32912/tcp or 32914/tcp are reachable.
Biograph Horizon PET/CT Systems:
  Affected versions: All VJ30 versions < VJ30C-UD01
  Remediation: Update to VJ30C-UD01 or later version. This is either remotely installed via SRS, or contact your local service representative.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

MAGNETOM Family:
  Affected versions: NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A
  Remediation: Contact your local service representative.
  Notes: Allow network access to ports 32912/tcp and 32914/tcp for trusted clients only. This product can be installed/operated in "workstation mode", where the client and server are installed on the same system. For such setups Siemens Healthineers recommends closing the ports 32912/tcp and 32914/tcp on the server Windows firewall for all inbound traffic. Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

MAMMOMAT Revelation:
  Affected versions: All VC20 versions < VC20D
  Remediation: Contact your local service representative to update to VC20D or later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

NAEOTOM Alpha:
  Affected versions: All VA40 versions < VA40 SP2
  Remediation: Contact your local service representative to update to VA40 SP2 or later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

SOMATOM go.All:
  Affected versions: All versions < VA30 SP5 or VA40 SP2
  Remediation: Contact your local service representative to update to VA30 SP5, VA40 SP2 or a later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

SOMATOM go.Now:
  Affected versions: All versions < VA30 SP5 or VA40 SP2
  Remediation: Contact your local service representative to update to VA30 SP5, VA40 SP2 or a later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

SOMATOM go.Open Pro:
  Affected versions: All versions < VA30 SP5 or VA40 SP2
  Remediation: Contact your local service representative to update to VA30 SP5, VA40 SP2 or a later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

SOMATOM go.Sim:
  Affected versions: All versions < VA30 SP5 or VA40 SP2
  Remediation: Contact your local service representative to update to VA30 SP5, VA40 SP2 or a later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

SOMATOM go.Top:
  Affected versions: All versions < VA30 SP5 or VA40 SP2
  Remediation: Contact your local service representative to update to VA30 SP5, VA40 SP2 or a later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

SOMATOM go.Up:
  Affected versions: All versions < VA30 SP5 or VA40 SP2
  Remediation: Contact your local service representative to update to VA30 SP5, VA40 SP2 or a later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

SOMATOM X.cite:
  Affected versions: All versions < VA30 SP5 or VA40 SP2
  Remediation: Contact your local service representative to update to VA30 SP5, VA40 SP2 or a later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

SOMATOM X.creed:
  Affected versions: All versions < VA30 SP5 or VA40 SP2
  Remediation: Contact your local service representative to update to VA30 SP5, VA40 SP2 or a later version.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

Symbia E/S:
  Affected versions: All VB22 versions < VB22A-UD03
  Remediation: Update to VB22A-UD03 or later version. This is either remotely installed via SRS, or contact your local service representative.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

Symbia Evo:
  Affected versions: All VB22 versions < VB22A-UD03
  Remediation: Update to VB22A-UD03 or later version. This is either remotely installed via SRS, or contact your local service representative.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

Symbia Intevo:
  Affected versions: All VB22 versions < VB22A-UD03
  Remediation: Update to VB22A-UD03 or later version. This is either remotely installed via SRS, or contact your local service representative.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

Symbia T:
  Affected versions: All VB22 versions < VB22A-UD03
  Remediation: Update to VB22A-UD03 or later version. This is either remotely installed via SRS, or contact your local service representative.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

Symbia.net:
  Affected versions: All VB22 versions < VB22A-UD03
  Remediation: Update to VB22A-UD03 or later version. This is either remotely installed via SRS, or contact your local service representative.
  Notes: Due to product layout, the CVSS score is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reducing the CVSS overall score to 8.8. See further recommendations from section "Workarounds and Mitigations".

syngo.via VB10:
  Affected versions: All versions
  Remediation: Update to VB40B HF06, VB60B HF02 or later version.
  Notes: syngo.via can be installed/operated in "workstation mode", where the client and server are installed on the same system. For such setups Siemens Healthineers recommends closing the ports 32912/tcp and 32914/tcp on the server Windows firewall for all inbound traffic. See further recommendations from section "Workarounds and Mitigations".

syngo.via VB20:
  Affected versions: All versions
  Remediation: Update to VB40B HF06, VB60B HF02 or later version.
  Notes: syngo.via can be installed/operated in "workstation mode", where the client and server are installed on the same system. For such setups Siemens Healthineers recommends closing the ports 32912/tcp and 32914/tcp on the server Windows firewall for all inbound traffic. See further recommendations from section "Workarounds and Mitigations".

syngo.via VB30:
  Affected versions: All versions
  Remediation: Update to VB40B HF06, VB60B HF02 or later version.
  Notes: Ensure that Whitelisting (WDAC) is activated on the server. syngo.via can be installed/operated in "workstation mode", where the client and server are installed on the same system. For such setups Siemens Healthineers recommends closing the ports 32912/tcp and 32914/tcp on the server Windows firewall for all inbound traffic. See further recommendations from section "Workarounds and Mitigations".

syngo.via VB40:
  Affected versions: All versions < VB40B HF06
  Remediation: Update to VB40B HF06, VB60B HF02 or later version.
  Notes: Ensure that Whitelisting (WDAC) is activated on the server. syngo.via can be installed/operated in "workstation mode", where the client and server are installed on the same system. For such setups Siemens Healthineers recommends closing the ports 32912/tcp and 32914/tcp on the server Windows firewall for all inbound traffic. See further recommendations from section "Workarounds and Mitigations".

syngo.via VB50:
  Affected versions: All versions
  Remediation: Update to VB60B HF02 or later version.
  Notes: Ensure that Whitelisting (WDAC) is activated on the server. syngo.via can be installed/operated in "workstation mode", where the client and server are installed on the same system. For such setups Siemens Healthineers recommends closing the ports 32912/tcp and 32914/tcp on the server Windows firewall for all inbound traffic. See further recommendations from section "Workarounds and Mitigations".

syngo.via VB60:
  Affected versions: All versions < VB60B HF02
  Remediation: Update to VB60B HF02 or later version.
  Notes: Ensure that Whitelisting (WDAC) is activated on the server. syngo.via can be installed/operated in "workstation mode", where the client and server are installed on the same system. For such setups Siemens Healthineers recommends closing the ports 32912/tcp and 32914/tcp on the server Windows firewall for all inbound traffic. See further recommendations from section "Workarounds and Mitigations".
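The two network restrictions the advisory gives for the server ports (allow 32912/tcp and 32914/tcp to trusted clients only; close them to all inbound traffic in workstation mode) applied with the built-in Windows Defender Firewall cmdlets, as an added example that is not part of the Siemens Healthineers advisory. The trusted-client addresses, the rule display names and the helper function name are assumptions; run it as Administrator on the server.

```powershell
# Added example, not from the advisory. Enforces the advisory's port restrictions
# with the NetSecurity module. $TrustedClients holds constructed placeholder
# addresses; replace them with the real client hosts before use.
$Ports           = @(32912, 32914)               # ports named in the advisory
$TrustedClients  = @('10.10.5.20', '10.10.5.21') # constructed placeholders
$WorkstationMode = $false                         # $true when client and server share one host

# Helper (assumed name): every enabled inbound rule whose port filter names one of
# $Ports. Rules whose LocalPort is 'Any' or a range are not matched; review those by hand.
function Get-SyngoPortRule {
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { (@($_.LocalPort) | Where-Object { $Ports -contains $_ }).Count -gt 0 } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
}

# A client-scoped Allow rule only restricts anything if the profile blocks inbound by default.
Get-NetFirewallProfile | Where-Object { $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object { Write-Warning "Profile '$($_.Name)' allows inbound traffic by default" }

if ($WorkstationMode) {
    # Client and server on the same system: close both ports for all inbound traffic.
    # On Windows Firewall an explicit Block rule overrides any Allow rule for the same traffic.
    New-NetFirewallRule -DisplayName 'syngo 32912/32914 - block all inbound' `
        -Direction Inbound -Protocol TCP -LocalPort $Ports -Action Block -Profile Any | Out-Null
} else {
    # Dedicated server: disable the broad Allow rules, then allow only the trusted clients.
    Get-SyngoPortRule | Where-Object { $_.Action -eq 'Allow' } | Disable-NetFirewallRule
    New-NetFirewallRule -DisplayName 'syngo 32912/32914 - trusted clients only' `
        -Direction Inbound -Protocol TCP -LocalPort $Ports -RemoteAddress $TrustedClients `
        -Action Allow -Profile Any | Out-Null
}

# Verify: the rules now governing the ports, and whether anything is actually listening on them.
Get-SyngoPortRule | Select-Object DisplayName, Action, Enabled | Format-Table -AutoSize
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $Ports -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
```

The inventory step matters because the product installer may have created its own broad Allow rule; if that rule stays enabled, the client-scoped rule adds nothing.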