Log File Exposure in SINEMA Remote Connect Server by Siemens
CVE-2022-32254

4.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 14 June 2022

Summary

A vulnerability in SINEMA Remote Connect Server versions prior to 3.1 allows for a specially crafted HTTP POST request that can result in sensitive user information being logged. This exposure might provide valuable insights to potential attackers, posing risks to user privacy and security.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-48408...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-4840...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
Jun 2, 2022