Vulnerabilities (CVE)

Filtered by vendor Siemens Subscribe
Filtered by product Sinema Remote Connect Server
Total 54 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22924 7 Debian, Fedoraproject, Haxx and 4 more 53 Debian Linux, Fedora, Libcurl and 50 more 2024-03-27 4.3 MEDIUM 3.7 LOW
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
CVE-2021-22925 7 Apple, Fedoraproject, Haxx and 4 more 27 Mac Os X, Macos, Fedora and 24 more 2024-03-27 5.0 MEDIUM 5.3 MEDIUM
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
CVE-2022-32257 1 Siemens 1 Sinema Remote Connect Server 2024-03-25 N/A 9.8 CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution.
CVE-2022-32254 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.
CVE-2022-32259 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 6.4 MEDIUM 6.5 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.
CVE-2022-25236 4 Debian, Libexpat Project, Oracle and 1 more 5 Debian Linux, Libexpat, Http Server and 2 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-32260 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.
CVE-2022-25235 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-32261 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.
CVE-2022-27220 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVE-2022-25314 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2022-32262 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.
CVE-2022-27219 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVE-2022-25313 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-27221 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.
CVE-2022-29034 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.
CVE-2022-32256 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
CVE-2022-32252 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 9.3 HIGH 7.8 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker.
CVE-2022-32255 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.
CVE-2022-32253 1 Siemens 1 Sinema Remote Connect Server 2023-12-10 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker.