Vulnerability Details : CVE-2022-42893
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). The syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application pool.
Vulnerability category: File inclusion
Products affected by CVE-2022-42893
- Siemens » Syngo Dynamics Cardiovascular Imaging And Information System
  Versions before (<) va40g_hf01
  cpe:2.3:a:siemens:syngo_dynamics_cardiovascular_imaging_and_information_system:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-42893
- 0.07%: Probability of exploitation activity in the next 30 days
- ~ 32 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-42893
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2022-42893
- The product allows user input to control or influence paths or file names that are used in filesystem operations. Assigned by: productcert@siemens.com (Secondary)
- The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-42893
- https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697 (Security Advisory, Vendor Advisory)