Input Validation Flaw in SINEMA Remote Connect Server by Siemens
CVE-2022-32253

4.9MEDIUM

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 14 June 2022

Summary

A significant vulnerability has been identified in SINEMA Remote Connect Server versions prior to 3.1 due to insufficient input validation mechanisms. This issue allows attackers to potentially access sensitive data, as the password for OpenSSL certificates could be unintentionally logged to a file that is accessible by unauthorized users. This exposure poses a serious security risk, as it may lead to unauthorized access and compromise of secure communications.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-48408...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-4840...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
Jun 2, 2022