Unauthorized Access to Resources and Code Execution Vulnerability
CVE-2022-32257

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 12 March 2024

Summary

A vulnerability exists in the SINEMA Remote Connect Server, affecting all versions prior to 3.2. This issue stems from the inadequate access controls implemented in the web service, which may allow unauthorized actors to gain access to sensitive resources. The lack of appropriate restrictions on certain endpoints could enable attackers to execute arbitrary code, thereby posing significant risks to the integrity and confidentiality of the system.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5767...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Jun 2, 2022