Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinema_remote_connect_server
(Siemens)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 53 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-06-14 | CVE-2022-29034 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | Sinema_remote_connect_server | 6.1 | ||
2022-06-14 | CVE-2022-32252 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker. | Sinema_remote_connect_server | 7.8 | ||
2022-06-14 | CVE-2022-32254 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. | Sinema_remote_connect_server | 7.5 | ||
2022-06-14 | CVE-2022-32256 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. | Sinema_remote_connect_server | 6.5 | ||
2022-06-14 | CVE-2022-32260 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. | Sinema_remote_connect_server | 9.8 | ||
2022-06-14 | CVE-2022-32261 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. | Sinema_remote_connect_server | 7.5 | ||
2022-06-14 | CVE-2022-32251 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user. | Sinema_remote_connect_server | 9.8 | ||
2022-06-14 | CVE-2022-32253 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. | Sinema_remote_connect_server | 7.5 | ||
2022-06-14 | CVE-2022-32258 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. | Sinema_remote_connect_server | 7.5 | ||
2022-06-14 | CVE-2022-32262 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. | Sinema_remote_connect_server | 9.8 |