CVE-2022-29875

Name: CVE-2022-29875
Creator: NVD / NIST
Published: 2022-06-01T10:15:08.197+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.63%

Last modified Jun 17, 2026

CVE-2022-29875 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. EPSS estimates a 1.63% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.63%

73.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Biograph Horizon Pet\/Ct Systems Firmware	>= vj30, < vj30c-ud01
Siemens	Magnetom Numaris X Firmware	va10b
Siemens	Magnetom Numaris X Firmware	va12m
Siemens	Magnetom Numaris X Firmware	va12s
Siemens	Magnetom Numaris X Firmware	va20a
Siemens	Magnetom Numaris X Firmware	va30a
Siemens	Magnetom Numaris X Firmware	va31a
Siemens	Mammomat Revelation Firmware	>= vc20, < vc20d
Siemens	Naeotom Alpha Firmware	va40
Siemens	Somatom X.Cite Firmware	< va30
Siemens	Somatom X.Cite Firmware	va30
Siemens	Somatom X.Cite Firmware	va40
Siemens	Somatom X.Creed Firmware	< va30
Siemens	Somatom X.Creed Firmware	va30
Siemens	Somatom X.Creed Firmware	va40
Siemens	Somatom Go.All Firmware	< va30
Siemens	Somatom Go.All Firmware	va30
Siemens	Somatom Go.All Firmware	va40
Siemens	Somatom Go.Now Firmware	< va30
Siemens	Somatom Go.Now Firmware	va30
Siemens	Somatom Go.Now Firmware	va40
Siemens	Somatom Go.Open Pro Firmware	< va30
Siemens	Somatom Go.Open Pro Firmware	va30
Siemens	Somatom Go.Open Pro Firmware	va40
Siemens	Somatom Go.Sim Firmware	< va30
Siemens	Somatom Go.Sim Firmware	va30
Siemens	Somatom Go.Sim Firmware	va40
Siemens	Somatom Go.Up Firmware	< va30
Siemens	Somatom Go.Up Firmware	va30
Siemens	Somatom Go.Up Firmware	va40
Siemens	Symbia E Firmware	>= vb22, < vb22a-ud03
Siemens	Symbia S Firmware	>= vb22, < vb22a-ud03
Siemens	Symbia Evo Firmware	>= vb22, < vb22a-ud03
Siemens	Symbia Intevo Firmware	>= vb22, < vb22a-ud03
Siemens	Symbia T Firmware	>= vb22, < vb22a-ud03
Siemens	Symbia.Net	>= vb22, <= vb22a-ud03
Siemens	Syngo.Via	>= vb40, < vb40b
Siemens	Syngo.Via	>= vb60, < vb60b
Siemens	Syngo.Via	vb10
Siemens	Syngo.Via	vb20
Siemens	Syngo.Via	vb30
Siemens	Syngo.Via	vb40b
Siemens	Syngo.Via	vb50
Siemens	Syngo.Via	vb60b

References

https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016Mitigation, Vendor Advisory
https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016Mitigation, Vendor Advisory

Timeline

Published: Jun 1, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-29875?

How severe is CVE-2022-29875?

CVE-2022-29875 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.63% probability of exploitation in the next 30 days.

How do I fix CVE-2022-29875?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-29875?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST