CVE-2020-25239
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights.
Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (todas las versiones anteriores a V3.0). El servidor web podría permitir acciones no autorizadas por medio de unas url especiales para usuarios sin privilegios. La configuración del servidor de autorización de UMC podría ser cambiada para agregar un servidor no autorizado mediante un atacante que se autentica con derechos de usuario sin privilegios
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-10 CVE Reserved
- 2021-03-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-731317.pdf | 2021-03-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Sinema Remote Connect Server Search vendor "Siemens" for product "Sinema Remote Connect Server" | < 3.0 Search vendor "Siemens" for product "Sinema Remote Connect Server" and version " < 3.0" | - |
Affected
| ||||||