CVE-2024-52335: A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application does not properly sanitize input...

9.8 CVSS

Description

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application does not properly sanitize input data before sending it to the SQL server. An attacker with access to the application could use this vulnerability to execute malicious SQL commands and compromise the whole database.

Classification

CVE ID: CVE-2024-52335

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Siemens

Product: syngo.plaza VB30E

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.72% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-160244

Timeline