Siemens: >> Sinema Remote Connect Server >> 1.0 Security Vulnerabilities
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.021
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.
CVSS Score
5.9
EPSS Score
0.004
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code.
This could allow attackers to perform reflected cross-site scripting (XSS) attacks.
CVSS Score
6.1
EPSS Score
0.07
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker.
CVSS Score
4.9
EPSS Score
0.002
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-06-14