{"id":13528,"date":"2025-01-16T16:50:14","date_gmt":"2025-01-16T15:50:14","guid":{"rendered":"https:\/\/limessecurity.ninja\/sql-injection-vulnerability-in-siemens-healthineers-syngo-plaza-vb30e-software-uncovered-cve-2024-52335\/"},"modified":"2026-03-04T08:48:23","modified_gmt":"2026-03-04T07:48:23","slug":"sql-injection-vulnerability-in-siemens-healthineers-syngo-plaza-vb30e-software-uncovered-cve-2024-52335","status":"publish","type":"post","link":"https:\/\/limessecurity.com\/en\/sql-injection-vulnerability-in-siemens-healthineers-syngo-plaza-vb30e-software-uncovered-cve-2024-52335\/","title":{"rendered":"SQL Injection in Siemens Healthineers syngo.plaza VB30E Software Uncovered (CVE-2024-52335)"},"content":{"rendered":"[vc_row type=”full_width_content” full_screen_row_position=”middle” column_margin=”5px” equal_height=”yes” content_placement=”top” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”2%” constrain_group_1=”yes” bottom_padding=”2%” left_padding_desktop=”0″ constrain_group_2=”yes” right_padding_desktop=”0″ left_padding_phone=”14px” constrain_group_6=”yes” right_padding_phone=”14px” top_margin=”0″ bottom_margin=”0″ text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” zindex=”10″ row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” advanced_gradient_angle=”0″ overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column top_padding_desktop=”0″ constrain_group_100=”yes” bottom_padding_desktop=”0″ left_padding_desktop=”0″ constrain_group_101=”yes” right_padding_desktop=”0″ top_padding_tablet=”8vw” constrain_group_102=”yes” bottom_padding_tablet=”8vw” left_padding_tablet=”8vw” constrain_group_103=”yes” right_padding_tablet=”8vw” bottom_margin_tablet=”20″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”0px” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”15px” column_link_target=”_self” column_position=”default” overflow=”hidden” advanced_gradient_angle=”0″ gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_color=”rgba(10,10,10,0.1)” column_border_style=”solid” gradient_type=”default” column_padding_type=”advanced”][\/vc_column][\/vc_row][vc_row type=”full_width_content” full_screen_row_position=”middle” column_margin=”default” equal_height=”yes” content_placement=”top” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” constrain_group_1=”yes” left_padding_desktop=”0″ constrain_group_2=”yes” right_padding_desktop=”0″ left_padding_phone=”14px” constrain_group_6=”yes” right_padding_phone=”14px” bottom_margin=”2%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” zindex=”10″ row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” advanced_gradient_angle=”0″ overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column top_padding_desktop=”0″ constrain_group_100=”yes” bottom_padding_desktop=”0″ left_padding_desktop=”0″ constrain_group_101=”yes” right_padding_desktop=”0″ top_padding_tablet=”8vw” constrain_group_102=”yes” bottom_padding_tablet=”8vw” left_padding_tablet=”8vw” constrain_group_103=”yes” right_padding_tablet=”8vw” bottom_margin=”2%” bottom_margin_tablet=”20″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”0px” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”15px” column_link_target=”_self” column_position=”default” overflow=”hidden” advanced_gradient_angle=”0″ gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_color=”rgba(10,10,10,0.1)” column_border_style=”solid” gradient_type=”default” column_padding_type=”advanced”][vc_column_text css=”” text_direction=”default”]A recent security assessment has identified a critical vulnerability in Siemens Healthineers\u2019 syngo.plaza VB30E software<\/strong>. This vulnerability consists of an unauthenticated SQL injection flaw that could enable attackers to execute malicious SQL commands and compromise the database. In response, Siemens Healthineers has released Hotfix HF05 for syngo.plaza VB30E and strongly recommends that users upgrade to this latest version.[\/vc_column_text][\/vc_column][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][image_with_animation image_url=”7079″ image_size=”full” max_width=”100%” max_width_mobile=”default” animation_type=”entrance” animation=”None” animation_movement_type=”transform_y” hover_animation=”none” alignment=”” border_radius=”none” box_shadow=”none” image_loading=”default”][divider line_type=”No Line” custom_height=”10″][vc_column_text css=”” text_direction=”default”]syngo.plaza is a Picture Archiving and Communication System intended to display, process, read, report, print communicate, distribute, store, and archive digital medical images, including mammographic images. It supports the physician in diagnosis and treatment planning.[\/vc_column_text][vc_column_text css=”” text_direction=”default”]\n

Why is this vulnerability critical for the healthcare sector?<\/h3>\n

This could allow hackers to access patient databases, view or change confidential medical records and disrupt hospital systems. This is particularly problematic as hospitals rely on this data to treat their patients. If patient information is compromised or altered, it could influence medical decisions and delay important treatments.[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”1%” bottom_padding=”1%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_custom_heading text=”SQL Injection Vulnerability” font_container=”tag:h3|text_align:left|line_height:50px” use_theme_fonts=”yes” css=””][divider line_type=”No Line”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/4″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”98″ label_value=”9.8″ color=”#9e1510″ css=”.vc_custom_1733909640879{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” el_id=”orangePieChart” title=”CVSS v3.1 Score”][vc_pie value=”93″ label_value=”9.3″ color=”#9e1510″ css=”.vc_custom_1733909568386{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” title=”CVSS v4.0 Score”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”3\/4″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482084022-0″ icon_fontawesome=”fa fa-thumb-tack” header=”Product:” text=”syngo.plaza VB30E” tab_id=”1772482084022-5″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482084033-3″ icon_fontawesome=”fa fa-thumb-tack” header=”Affected Version:” text=”All versions < VB30E_HF05″ tab_id=”1772482084033-3″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1772482084036-1″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1772482084037-2″]CVE-2024-52335<\/a>[\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482084046-5″ icon_fontawesome=”fa fa-thumb-tack” header=”Found by” text=”Felix Eberstaller & Bernhard Lorenz” tab_id=”1772482084046-6″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482084051-2″ icon_fontawesome=”fa fa-thumb-tack” header=”CVSS Vector” tab_id=”1772482084052-7″][\/nectar_icon_list_item][\/nectar_icon_list][nectar_btn size=”small” button_style=”regular” button_color_2=”Accent-Color” icon_family=”none” text=”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N” url=”https:\/\/www.first.org\/cvss\/calculator\/4.0#CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”][\/vc_column_inner][\/vc_row_inner][\/vc_column][\/vc_row][vc_row type=”full_width_background” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” bottom_padding=”2%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][tabbed_section style=”minimal_flexible” tab_color=”Accent-Color” vs_content_animation=”fade” vs_link_animation=”opacity” vs_navigation_alignment=”left” vs_navigation_width_2=”25%” vs_navigation_func=”default” vs_navigation_width=”regular” vs_navigation_spacing=”15px” vs_navigation_mobile_display=”visible” vs_tab_spacing=”5%” icon_size=”24″][tab icon_family=”iconsmind” title=”Problem Description” id=”1772482084092-1″ icon_iconsmind=”iconsmind-Unlock” tab_id=”1772482084092-9″][vc_row_inner column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”left” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”top-bottom” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” enable_animation=”true” animation=”fade-in-from-bottom” animation_easing=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”.vc_custom_1734428397060{padding-right: 10% !important;}” text_direction=”default”]The affected application does not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/tab][tab icon_family=”iconsmind” title=”Recommended Action” id=”1772482084113-9″ icon_iconsmind=”iconsmind-Idea-2″ tab_id=”1772482084113-9″][vc_row_inner equal_height=”yes” content_placement=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”right” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”” text_direction=”default”]In addition, Siemens Healthineers generelly recommends the following:<\/p>\n