CVE-2022-27220
https://notcve.org/view.php?id=CVE-2022-27220
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
• https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf
• CWE-358: Improperly Implemented Security Check for Standard
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2022-27219
https://notcve.org/view.php?id=CVE-2022-27219
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
• https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf
• CWE-358: Improperly Implemented Security Check for Standard
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2021-37193
https://notcve.org/view.php?id=CVE-2021-37193
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).
• https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf
• CWE-471: Modification of Assumed-Immutable Data (MAID)
CVE-2021-37192
https://notcve.org/view.php?id=CVE-2021-37192
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.
• https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37191
https://notcve.org/view.php?id=CVE-2021-37191
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.
• https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf
• CWE-799: Improper Control of Interaction Frequency