CVE-2024-52335

CVSS 9.3 CRITICALEPSS 0.7%CWE-89

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.3EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

06 Dec 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Siemens · syngo.plaza VB30E

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-160244