Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinema_remote_connect_server
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 69 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-14 | CVE-2021-37177 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system. | Sinema_remote_connect_server | 6.5 | ||
| 2021-09-14 | CVE-2021-37183 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. | Sinema_remote_connect_server | 6.5 | ||
| 2021-09-14 | CVE-2021-37190 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. | Sinema_remote_connect_server | 4.3 | ||
| 2021-09-14 | CVE-2021-37191 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. | Sinema_remote_connect_server | 4.3 | ||
| 2021-09-14 | CVE-2021-37192 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. | Sinema_remote_connect_server | 4.3 | ||
| 2021-09-14 | CVE-2021-37193 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa). | Sinema_remote_connect_server | 4.3 | ||
| 2021-09-16 | CVE-2021-34798 | Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Ruggedcom_nms, Sinec_nms, Sinema_remote_connect_server, Sinema_server, Tenable\.sc | 7.5 | ||
| 2021-10-18 | CVE-2021-41991 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. | Debian_linux, Fedora, Cp_1543\-1_firmware, Scalance_sc622\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware, Simatic_cp_1242\-7_gprs_v2_firmware, Simatic_cp_1243\-1_firmware, Simatic_cp_1243\-7_lte\/us_firmware, Simatic_cp_1542sp\-1_firmware, Simatic_cp_1542sp\-1_irc_firmware, Simatic_cp_1543sp\-1_firmware, Simatic_net_cp1243\-7_lte_eu_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1545\-1_firmware, Sinema_remote_connect_server, Siplus_et_200sp_cp_1542sp\-1_irc_tx_rail_firmware, Siplus_et_200sp_cp_1543sp\-1_isec_firmware, Siplus_et_200sp_cp_1543sp\-1_isec_tx_rail_firmware, Siplus_net_cp_1543\-1_firmware, Siplus_s7\-1200_cp_1243\-1_firmware, Siplus_s7\-1200_cp_1243\-1_rail_firmware, Strongswan | 7.5 | ||
| 2022-02-09 | CVE-2022-23102 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. | Sinema_remote_connect_server | 6.1 | ||
| 2022-02-18 | CVE-2022-25313 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server | 6.5 |