Access Control Flaw in SINEMA Remote Connect Server by Siemens
CVE-2022-32255

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 14 June 2022

Summary

A vulnerability in the SINEMA Remote Connect Server (all versions prior to V3.1) has been detected due to inadequate access control measures for certain web service endpoints. This flaw could enable unauthorized users to gain access to restricted information, potentially compromising the system's integrity and security. It is critical for users to evaluate their versions and implement necessary security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-48408...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-4840...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
Jun 2, 2022