CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13920
https://notcve.org/view.php?id=CVE-2019-13920
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. • https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6570
https://notcve.org/view.php?id=CVE-2019-6570
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V2.0). Debido a la insuficiente comprobación de los permisos de los usuarios, un atacante puede acceder a URLs que requieren una autorización especial. • https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6204
https://notcve.org/view.php?id=CVE-2016-6204
Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el servidor web integrado en Siemens SINEMA Remote Connect Server en versiones anteriores a 1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www.securityfocus.com/bid/92114 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-119132.pdf https://ics-cert.us-cert.gov/advisories/ICSA-16-208-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •