CVE-2022-42732

HIGH

syngo Dynamics < VA40G HF01 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

References (1)

[Vendor Advisory] https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-610 CWE-73

Status published

Products (1)

siemens/syngo_dynamics_cardiovascular_imaging_and_information_system < va40g_hf01

Published Nov 17, 2022

Tracked Since Feb 18, 2026