CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32259
https://notcve.org/view.php?id=CVE-2022-32259
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). Las imágenes del sistema para la instalación o actualización de la aplicación afectada contienen scripts de pruebas unitarias con información confidencial. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf • CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32258
https://notcve.org/view.php?id=CVE-2022-32258
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). La aplicación afectada contiene una función antigua que permite importar configuraciones de dispositivos por medio de un endpoint específico. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf • CWE-448: Obsolete Feature in UI •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32256
https://notcve.org/view.php?id=CVE-2022-32256
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). La aplicación afectada consiste en un servicio web que carece de un control de acceso adecuado para algunos de los endpoints. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32255
https://notcve.org/view.php?id=CVE-2022-32255
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). La aplicación afectada consiste en un servicio web que carece de un control de acceso adecuado para algunos de los endpoints. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32254
https://notcve.org/view.php?id=CVE-2022-32254
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). Una petición HTTP POST personalizada podría forzar a la aplicación a escribir el estado de un determinado usuario en un archivo de registro, exponiendo información confidencial del usuario que podría proporcionar una valiosa orientación a un atacante • https://cert-portal.siemens.com/productcert/html/ssa-484086.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf • CWE-532: Insertion of Sensitive Information into Log File •