Product:

Sinema_remote_connect_server

(Siemens)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 69
Date Id Summary Products Score Patch Annotated
2022-06-14 CVE-2022-32252 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker. Sinema_remote_connect_server 7.8
2022-06-14 CVE-2022-32253 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. Sinema_remote_connect_server 7.5
2022-06-14 CVE-2022-32254 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. Sinema_remote_connect_server 7.5
2022-06-14 CVE-2022-32255 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. Sinema_remote_connect_server 5.3
2022-06-14 CVE-2022-32256 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. Sinema_remote_connect_server 6.5
2022-06-14 CVE-2022-32258 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. Sinema_remote_connect_server 7.5
2022-06-14 CVE-2022-32259 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. Sinema_remote_connect_server 6.5
2022-06-14 CVE-2022-32260 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. Sinema_remote_connect_server 9.8
2022-06-14 CVE-2022-32261 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. Sinema_remote_connect_server 7.5
2022-06-14 CVE-2022-32262 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. Sinema_remote_connect_server 9.8