CVE-2022-42894
HIGH
syngo Dynamics < VA40G HF01 - Unauthenticated Server-Side Request Forgery
Title source: llmDescription
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.
Scores
CVSS v3
7.5
EPSS
0.0032
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
siemens/syngo_dynamics_cardiovascular_imaging_and_information_system
< va40g_hf01
Published
Nov 17, 2022
Tracked Since
Feb 18, 2026