
Siemens Healthineers syngo.plaza – insecure password encryption vulnerability

Published 25 February 2026, updated 3 March 2026

During a security assessment, we discovered an insecure password encryption vulnerability (CVE-2024-52334) in Siemens Healthineers syngo.plaza VB30E, a medical imaging archiving system deployed in hospitals. The vulnerability allows an attacker to recover the original passwords from stored credentials that were encrypted with a static key, potentially gaining unauthorized access to medical records.

Discovered Vulnerability

Product: syngo.plaza VB30E
Affected versions: all versions < VB30E_HF07
CVE / Vendor ID: CVE-2024-52334
Found by: Felix Eberstaller & Bernhard Lorenz, Limes Security GmbH

CVSS v4.0 Score

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

The Finding: Weak Password Encryption in syngo.plaza

The vulnerability is classified as CWE-261 (Weak Encoding for Password). syngo.plaza did not properly encrypt stored passwords, allowing an attacker with access to the relevant data to recover plaintext credentials.
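To make the weakness class concrete, here is an added illustration (not syngo.plaza's code, and the key below is a constructed placeholder, not the product's): a static-key scheme is reversible by design, so anyone holding the stored value and the key shipped in the product recovers the password, whereas salted password hashing with a slow KDF lets the system verify a login without ever being able to reproduce the password.

```python
# Added example (not from syngo.plaza): reversible static-key "encryption" of
# stored passwords (CWE-261) beside the hash-based storage that replaces it.
import hashlib
import hmac
import os

# Constructed placeholder for a key baked into a product binary: every
# installation shares it, and it cannot be rotated per user or per site.
STATIC_KEY = b"example-static-key-not-from-product"


def _keystream() -> bytes:
    # Fixed key -> fixed keystream; identical for every user and every install.
    return hashlib.sha256(STATIC_KEY).digest()


def weak_encrypt(password: str) -> bytes:
    """Weak scheme: XOR the password with a keystream derived from the static key."""
    ks = _keystream()
    return bytes(b ^ ks[i % len(ks)] for i, b in enumerate(password.encode()))


def weak_decrypt(blob: bytes) -> str:
    """Same key, same keystream: the stored blob yields the plaintext password again."""
    ks = _keystream()
    return bytes(b ^ ks[i % len(ks)] for i, b in enumerate(blob)).decode()


def hash_password(password: str) -> str:
    """Hardened form: per-user random salt + memory-hard KDF (scrypt); no key, no decrypt."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(
        password.encode(), salt=bytes.fromhex(salt_hex), n=2**14, r=8, p=1, dklen=32
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))
```

Note that `weak_encrypt` is also deterministic: two users with the same password get the same stored value, which a reviewer can spot in a credential store without knowing the key.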

We reported the vulnerability through coordinated disclosure, and Siemens Healthineers addressed it with a hotfix.

Siemens Healthineers Security Advisory: SSA-016040

A pattern, not an anomaly

This finding did not surprise us. Static passwords, hardcoded keys, and inadequate cryptographic protections have been a persistent issue across OT products for well over two decades. The problem is not limited to any single vendor or sector; it is an industry-wide pattern rooted in historical design decisions and the unique constraints of these environments.

Our recommendation

Operators of affected systems should apply the syngo.plaza hotfix (VB30E_HF07) as recommended in Siemens Healthineers advisory SSA-016040. In addition, we recommend performing regular penetration tests.

Manufacturers should remove hardcoded credentials and keys and integrate product security holistically throughout the entire lifecycle in accordance with regulatory requirements.
