Authentication Bypass Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2022-32260

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 14 June 2022

Summary

A vulnerability exists in the SINEMA Remote Connect Server that allows for authentication bypass due to the improper creation of temporary user credentials for UMC (User Management Component) users. This flaw enables an attacker to exploit these temporary credentials in specific scenarios, potentially leading to unauthorized access to sensitive functions or data.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-48408...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-3815...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
Jun 2, 2022