CVE-2022-32257
https://notcve.org/view.php?id=CVE-2022-32257
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (todas las versiones < V3.2). La aplicación afectada consiste en un servicio web que carece de un control de acceso adecuado para algunos de los endpoints. • https://cert-portal.siemens.com/productcert/html/ssa-576771.html • CWE-284: Improper Access Control •
CVE-2023-35796 – Siemens SINEMA Server sysLocation Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35796
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823) Se ha identificado una vulnerabilidad en SINEMA Server V14 (todas las versiones). La aplicación afectada sanitiza incorrectamente ciertos datos de configuración SNMP recuperados de los dispositivos monitorizados. • https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-32262
https://notcve.org/view.php?id=CVE-2022-32262
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). La aplicación afectada contiene un servidor de carga de archivos que es vulnerable a una inyección de comandos. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-32261
https://notcve.org/view.php?id=CVE-2022-32261
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). La aplicación afectada contiene una configuración errónea en la actualización de APT. • https://cert-portal.siemens.com/productcert/html/ssa-484086.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf • CWE-233: Improper Handling of Parameters •
CVE-2022-32260
https://notcve.org/view.php?id=CVE-2022-32260
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). La aplicación afectada crea credenciales de usuario temporales para los usuarios de UMC (User Management Component). • https://cert-portal.siemens.com/productcert/html/ssa-381581.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf • CWE-286: Incorrect User Management •