
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. • https://cert-portal.siemens.com/productcert/html/ssa-868282.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. • https://cert-portal.siemens.com/productcert/html/ssa-868282.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Mar 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. • https://cert-portal.siemens.com/productcert/html/ssa-576771.html • CWE-284: Improper Access Control

CVSS: 7.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Mar 2024 — A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product. • https://cert-portal.siemens.com/productcert/html/ssa-653855.html • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

CVSS: 9.8 • EPSS: 5% • CPEs: 1 • EXPL: 0

14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-233: Improper Handling of Parameters

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-286: Incorrect User Management

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-448: Obsolete Feature in UI

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-284: Improper Access Control