
CVE-2022-32259
https://notcve.org/view.php?id=CVE-2022-32259
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

CVE-2022-32258
https://notcve.org/view.php?id=CVE-2022-32258
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows importing device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-448: Obsolete Feature in UI

CVE-2022-32256
https://notcve.org/view.php?id=CVE-2022-32256
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-284: Improper Access Control

CVE-2022-32255
https://notcve.org/view.php?id=CVE-2022-32255
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-284: Improper Access Control

CVE-2022-32254
https://notcve.org/view.php?id=CVE-2022-32254
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-532: Insertion of Sensitive Information into Log File

CVE-2022-32253
https://notcve.org/view.php?id=CVE-2022-32253
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-20: Improper Input Validation

CVE-2022-32252
https://notcve.org/view.php?id=CVE-2022-32252
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked into installing a malicious package, granting root privileges to an attacker. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-345: Insufficient Verification of Data Authenticity

CVE-2022-32251
https://notcve.org/view.php?id=CVE-2022-32251
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-306: Missing Authentication for Critical Function

CVE-2022-29034 – SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-29034
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop-up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. • https://packetstorm.news/files/id/167554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-27221
https://notcve.org/view.php?id=CVE-2022-27221
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in a machine-in-the-middle position could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html • CWE-203: Observable Discrepancy