CVE-2021-37192
https://notcve.org/view.php?id=CVE-2021-37192
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.0 SP2). El software afectado presenta una vulnerabilidad de divulgación de información que podría permitir a un atacante recuperar una lista de dispositivos de red que un usuario conocido puede administrar • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-37191
https://notcve.org/view.php?id=CVE-2021-37191
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.0 SP2). Un atacante no autenticado en la misma red del sistema afectado podría forzar los nombres de usuario del software afectado • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-799: Improper Control of Interaction Frequency •
CVE-2021-37190
https://notcve.org/view.php?id=CVE-2021-37190
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.0 SP2). El software afectado presenta una vulnerabilidad de divulgación de información que podría permitir a un atacante recuperar la conexión VPN de un usuario conocido • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-37183
https://notcve.org/view.php?id=CVE-2021-37183
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.0 SP2). El software afectado permite enviar notificaciones de envío a los dispositivos administrados. • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-284: Improper Access Control •
CVE-2021-37177
https://notcve.org/view.php?id=CVE-2021-37177
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.0 SP2). El estado proporcionado por los clientes syslog administrados por el software afectado puede ser manipulado por un atacante no autenticado en la misma red del sistema afectado • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-471: Modification of Assumed-Immutable Data (MAID) •