Vulnerability Details CVE-2022-23102
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.049
EPSS Ranking 89.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- http://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.html
- http://seclists.org/fulldisclosure/2022/Feb/20
- https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdf
- http://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.html
- http://seclists.org/fulldisclosure/2022/Feb/20
- https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdf
Products affected by CVE-2022-23102
-
cpe:2.3:a:siemens:sinema_remote_connect_server:-
-
cpe:2.3:a:siemens:sinema_remote_connect_server:1.0
-
cpe:2.3:a:siemens:sinema_remote_connect_server:1.1
-
cpe:2.3:a:siemens:sinema_remote_connect_server:1.2
-
cpe:2.3:a:siemens:sinema_remote_connect_server:1.3
-
cpe:2.3:a:siemens:sinema_remote_connect_server:2.0