CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13920
https://notcve.org/view.php?id=CVE-2019-13920
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. • https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13922
https://notcve.org/view.php?id=CVE-2019-13922
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V2.0 SP1). • https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-13918
https://notcve.org/view.php?id=CVE-2019-13918
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. • https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-521: Weak Password Requirements •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13919
https://notcve.org/view.php?id=CVE-2019-13919
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. • https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6570
https://notcve.org/view.php?id=CVE-2019-6570
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V2.0). Debido a la insuficiente comprobación de los permisos de los usuarios, un atacante puede acceder a URLs que requieren una autorización especial. • https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-863: Incorrect Authorization •