Access Control Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2022-32256

4.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 14 June 2022

Summary

A security flaw has been discovered in the SINEMA Remote Connect Server prior to version 3.1. This vulnerability arises from insufficient access control measures, which allow low privileged users to gain access to endpoints intended for higher privileges. If exploited, this loophole could expose sensitive data, potentially compromising the integrity of operations that rely on the confidentiality of privileged information.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-48408...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-4840...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
Jun 2, 2022