Page 11 of 53 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. • https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf • CWE-284: Improper Access Control •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V2.0). Debido a la insuficiente comprobación de los permisos de los usuarios, un atacante puede acceder a URLs que requieren una autorización especial. • https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-863: Incorrect Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el servidor web integrado en Siemens SINEMA Remote Connect Server en versiones anteriores a 1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www.securityfocus.com/bid/92114 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-119132.pdf https://ics-cert.us-cert.gov/advisories/ICSA-16-208-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •