CVE-2022-42892

MEDIUM

syngo Dynamics < VA40G HF01 - Unauthenticated Directory Listing via Web Service Operation

Title source: llm

Description

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool.

References (1)

Core 1

Core References

Vendor Advisory

https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697

Scores

CVSS v3 5.3

EPSS 0.0027

EPSS Percentile 50.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22 CWE-23

Status published

Products (1)

siemens/syngo_dynamics_cardiovascular_imaging_and_information_system < va40g_hf01

Published Nov 17, 2022

Tracked Since Feb 18, 2026