Vulnerabilities (CVE)

Filtered by vendor Siemens Subscribe
Filtered by product Sinema Remote Connect Server
Total 33 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27220 1 Siemens 1 Sinema Remote Connect Server 2022-06-24 4.3 MEDIUM 4.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVE-2022-27219 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 4.3 MEDIUM 4.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVE-2022-32252 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 9.3 HIGH 7.8 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker.
CVE-2022-32254 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.
CVE-2022-32256 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 4.0 MEDIUM 6.5 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
CVE-2022-32255 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.
CVE-2022-32260 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 7.5 HIGH 9.8 CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.
CVE-2022-29034 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 4.3 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.
CVE-2022-32261 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.
CVE-2022-32258 1 Siemens 1 Sinema Remote Connect Server 2022-06-22 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.
CVE-2022-32259 1 Siemens 1 Sinema Remote Connect Server 2022-06-22 6.4 MEDIUM 6.5 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.
CVE-2022-32262 1 Siemens 1 Sinema Remote Connect Server 2022-06-22 7.5 HIGH 9.8 CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.
CVE-2022-32253 1 Siemens 1 Sinema Remote Connect Server 2022-06-22 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker.
CVE-2022-32251 1 Siemens 1 Sinema Remote Connect Server 2022-06-22 7.5 HIGH 9.8 CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user.
CVE-2022-27221 1 Siemens 1 Sinema Remote Connect Server 2022-06-22 4.3 MEDIUM 5.9 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.
CVE-2020-7595 7 Canonical, Debian, Fedoraproject and 4 more 32 Ubuntu Linux, Debian Linux, Fedora and 29 more 2022-05-12 5.0 MEDIUM 7.5 HIGH
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2021-41991 4 Debian, Fedoraproject, Siemens and 1 more 46 Debian Linux, Fedora, Cp 1543-1 and 43 more 2022-04-12 5.0 MEDIUM 7.5 HIGH
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
CVE-2022-23102 1 Siemens 1 Sinema Remote Connect Server 2022-02-18 5.8 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.
CVE-2019-13919 1 Siemens 1 Sinema Remote Connect Server 2021-11-02 4.0 MEDIUM 4.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2019-13922 1 Siemens 1 Sinema Remote Connect Server 2021-10-28 4.0 MEDIUM 2.7 LOW
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known.