
CVE-2022-27220
https://notcve.org/view.php?id=CVE-2022-27220
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. • https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf • CWE-358: Improperly Implemented Security Check for Standard • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2022-27219
https://notcve.org/view.php?id=CVE-2022-27219
14 Jun 2022 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. • https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf • CWE-358: Improperly Implemented Security Check for Standard • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2021-37193
https://notcve.org/view.php?id=CVE-2021-37193
14 Sep 2021 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa). • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-471: Modification of Assumed-Immutable Data (MAID)

CVE-2021-37192
https://notcve.org/view.php?id=CVE-2021-37192
14 Sep 2021 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-37190
https://notcve.org/view.php?id=CVE-2021-37190
14 Sep 2021 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve the VPN connection for a known user. • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-37191
https://notcve.org/view.php?id=CVE-2021-37191
14 Sep 2021 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-799: Improper Control of Interaction Frequency

CVE-2021-37183
https://notcve.org/view.php?id=CVE-2021-37183
14 Sep 2021 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-284: Improper Access Control

CVE-2021-37177
https://notcve.org/view.php?id=CVE-2021-37177
14 Sep 2021 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system. • https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf • CWE-471: Modification of Assumed-Immutable Data (MAID)

CVE-2021-31338
https://notcve.org/view.php?id=CVE-2021-31338
19 Aug 2021 — A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow configuration settings to be modified over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute their own code on the device. • https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf • CWE-15: External Control of System or Configuration Setting

CVE-2021-22924 – curl: Bad connection reuse due to flawed path name checks
https://notcve.org/view.php?id=CVE-2021-22924
22 Jul 2021 — libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' whic... • https://github.com/Trinadh465/external_curl_AOSP10_r33_CVE-2021-22924 • CWE-20: Improper Input Validation • CWE-295: Improper Certificate Validation • CWE-706: Use of Incorrectly-Resolved Name or Reference