CVE-2022-32257

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-576771.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

History

25 Mar 2024, 16:29

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-576771.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-576771.html - Patch, Vendor Advisory
Summary		(es) Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (todas las versiones < V3.2). La aplicación afectada consiste en un servicio web que carece de un control de acceso adecuado para algunos de los endpoints. Esto podría provocar un acceso no autorizado a los recursos y potencialmente provocar la ejecución de código.
First Time		Siemens sinema Remote Connect Server Siemens
CPE		cpe:2.3:a:siemens:sinema_remote_connect_server::::::::

12 Mar 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-12 11:15

Updated : 2024-03-25 16:29

NVD link : CVE-2022-32257

Mitre link : CVE-2022-32257

CVE.ORG link : CVE-2022-32257

JSON object : View

Products Affected

siemens

sinema_remote_connect_server

CWE

CWE-284

Improper Access Control

{"id": "CVE-2022-32257", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"safety": "NOT DEFINED", "version": "4.0", "recovery": "NOT DEFINED", "baseScore": 0.0, "automatable": "NOT DEFINED ", "attackVector": "NETWORK", "baseSeverity": "NONE", "valueDensity": "NOT DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:H/IR:H/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT DEFINED", "providerUrgency": "NOT DEFINED ", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT DEFINED", "integrityRequirements": "HIGH", "modifiedUserInteraction": "NOT DEFINED", "modifiedAttackComplexity": "NOT DEFINED", "Availability Requirements": "NOT DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT DEFINED", "modifiedPrivilegesRequired": "NOT DEFINED", "confidentialityRequirements": "HIGH", "vulnerabilityResponseEffort": "NOT DEFINED ", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT DEFINED", "modifiedVulnerableSystemIntegrity": "NOT DEFINED", "modifiedSubsequentSystemAvailability": "NOT DEFINED", "Modified Vulnerable System Availability": "NOT DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT DEFINED"}, "impactScore": 0.0, "exploitabilityScore": 0.0}]}, "published": "2024-03-12T11:15:45.210", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-576771.html", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (todas las versiones < V3.2). La aplicaci\u00f3n afectada consiste en un servicio web que carece de un control de acceso adecuado para algunos de los endpoints. Esto podr\u00eda provocar un acceso no autorizado a los recursos y potencialmente provocar la ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2024-03-25T16:29:15.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA2839E7-E397-4D69-865B-439F0017D540", "versionEndExcluding": "3.2"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}