Siemens: Security Vulnerabilities
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.021
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.
CVSS Score
5.9
EPSS Score
0.004
Published
2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code.
This could allow attackers to perform reflected cross-site scripting (XSS) attacks.
CVSS Score
6.1
EPSS Score
0.07
Published
2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed.
CVSS Score
8.6
EPSS Score
0.001
Published
2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known.
CVSS Score
8.6
EPSS Score
0.004
Published
2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.
CVSS Score
9.3
EPSS Score
0.007
Published
2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.
CVSS Score
6.9
EPSS Score
0.002
Published
2022-06-14