CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13922
https://notcve.org/view.php?id=CVE-2019-13922
13 Sep 2019 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (... • https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6570
https://notcve.org/view.php?id=CVE-2019-6570
17 Apr 2019 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V2.0). Debido a la insuficiente comprobación de los permisos de los usuarios, un atacante puede acceder a U... • https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6204
https://notcve.org/view.php?id=CVE-2016-6204
22 Jul 2016 — Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el servidor web integrado en Siemens SINEMA Remote Connect Server en versiones anteriores a 1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www.securityfocus.com/bid/92114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •