{"id":13325,"date":"2026-02-25T12:50:57","date_gmt":"2026-02-25T11:50:57","guid":{"rendered":"https:\/\/limessecurity.ninja\/siemens-healthineers-syngo-plaza-insecure-password-encryption-vulnerability\/"},"modified":"2026-03-03T13:31:40","modified_gmt":"2026-03-03T12:31:40","slug":"siemens-healthineers-syngo-plaza-insecure-password-encryption-vulnerability","status":"publish","type":"post","link":"https:\/\/limessecurity.com\/en\/siemens-healthineers-syngo-plaza-insecure-password-encryption-vulnerability\/","title":{"rendered":"Siemens Healthineers syngo.plaza \u2013 insecure password encryption vulnerability"},"content":{"rendered":"[vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_column_text css=”” text_direction=”default”]During a security assessment, we discovered an insecure password encryption vulnerability (CVE-2024-52334<\/a>) in Siemens Healthineers syngo.plaza VB30E, a medical imaging archiving system deployed in hospitals. The vulnerability allows an attacker to recover original passwords from insufficiently encrypted storage with a static key, potentially gaining unauthorized access to medical records.
[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”1%” bottom_padding=”1%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_column_text css=”” text_direction=”default”]\n

Discovered Vulnerability<\/span><\/span><\/h2>\n[\/vc_column_text][divider line_type=”No Line”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”63″ label_value=”6.3″ color=”#9e1510″ css=”.vc_custom_1772026551380{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” el_id=”orangePieChart” title=”CVSS v4.0 Score” units=”\/medi”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772102386769-8″ icon_fontawesome=”fa fa-thumb-tack” header=”Product:” text=”syngo.plaza VB30E” tab_id=”1772102386770-8″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772102386779-7″ icon_fontawesome=”fa fa-thumb-tack” header=”Affected versions:” text=”all versions < VB30E_HF07″ tab_id=”1772102386780-3″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1772102386786-2″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1772102386786-3″]CVE-2024-52334<\/a>[\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772102386790-9″ icon_fontawesome=”fa fa-thumb-tack” header=”Found by:” text=”Felix Eberstaller & Bernhard Lorenz, Limes Security GmbH” tab_id=”1772102386790-1″][\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][nectar_btn size=”small” button_style=”regular” button_color_2=”Accent-Color” icon_family=”none” text=”CVSS:4.0\/AV:N\/AC:L\/AT:P\/PR:N\/UI:N\/VC:L\/VI:N\/VA:N\/SC:N\/SI:N\/SA:N” url=”https:\/\/www.first.org\/cvss\/calculator\/4.0#CVSS:4.0\/AV:N\/AC:L\/AT:P\/PR:N\/UI:N\/VC:L\/VI:N\/VA:N\/SC:N\/SI:N\/SA:N”][divider line_type=”Small Line” line_alignment=”center” line_thickness=”1″ divider_color=”default”][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_column_text css=”” text_direction=”default”]\n

The Finding: Weak Password Encryption in syngo.plaza<\/h2>\n

The vulnerability is classified as CWE-261<\/a> (Weak Encoding for Password). syngo.plaza did not properly encrypt stored passwords, allowing an attacker with access to the relevant data to recover plaintext credentials. <\/p>\n

We reported the vulnerability through coordinated disclosure, and Siemens Healthineers addressed it with a hotfix.<\/p>\n

Siemens Healthineers Security Advisory:<\/span><\/b> <\/span>SSA-016040<\/span><\/a> <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][divider line_type=”No Line” custom_height=”30″]\n

A pattern, not an anomaly<\/strong><\/h2>\n

This finding did not surprise us. Static passwords, hardcoded keys, and inadequate cryptographic protections have been a persistent issue across OT products for well over two decades. The problem is not limited to any single vendor or sector, it is an industry-wide pattern rooted in historical design decisions and the unique constraints of these environments.
[\/vc_column_text][divider line_type=”No Line” custom_height=”40px”][vc_column_text css=”” text_direction=”default”]\n

Our recommendation<\/strong><\/h2>\n

Operators of affected systems should definitely apply the hotfix for syngo.plaza (VB30E_HF07) in accordance with recommendation SSA-016040 from Siemens Healthineers. In addition, we recommend performing regular penetration tests<\/a>. <\/p>\n

Manufacturers should remove hardcoded access data and integrate product security holistically throughout the entire lifecycle in accordance with regulatory requirements.[\/vc_column_text][divider line_type=”No Line” custom_height=”40px”][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” equal_height=”yes” content_placement=”middle” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” bg_color=”#efefef” scene_position=”center” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”padding-3-percent” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/2″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”” text_direction=”default”]\n","protected":false},"excerpt":{"rendered":"

[vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none”…<\/p>\n","protected":false},"author":5,"featured_media":13326,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[315],"tags":[],"class_list":{"0":"post-13325","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-advisories"},"_links":{"self":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts\/13325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/comments?post=13325"}],"version-history":[{"count":0,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts\/13325\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/media\/13326"}],"wp:attachment":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/media?parent=13325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/categories?post=13325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/tags?post=13325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}