Siemens Sinema Remote Connect Server


By the Year

In 2022 there have been 0 vulnerabilities in Siemens Sinema Remote Connect Server. Last year Sinema Remote Connect Server had 8 security vulnerabilities published. Right now, Sinema Remote Connect Server is on track to have fewer security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 8 5.98
2020 1 7.50
2019 6 6.23
2018 0 0.00

It may take a day or so for new Sinema Remote Connect Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Siemens Sinema Remote Connect Server Security Vulnerabilities

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2)

CVE-2021-37193 4.3 - Medium - September 14, 2021

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).

MAID

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2)

CVE-2021-37192 4.3 - Medium - September 14, 2021

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.

Information Disclosure

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2)

CVE-2021-37191 4.3 - Medium - September 14, 2021

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.

Insufficient anti-automation

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2)

CVE-2021-37190 4.3 - Medium - September 14, 2021

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

Information Disclosure

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2)

CVE-2021-37183 6.5 - Medium - September 14, 2021

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices.

Authorization

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2)

CVE-2021-37177 6.5 - Medium - September 14, 2021

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system.

MAID

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0)

CVE-2020-25239 8.8 - High - March 15, 2021

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivileged user rights.

AuthZ

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0)

CVE-2020-25240 8.8 - High - March 15, 2021

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and gain information from logs and templates of the service.

AuthZ

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595 7.5 - High - January 21, 2020

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Infinite Loop

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

CVE-2019-19956 7.5 - High - December 24, 2019

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Missing Release of Resource after Effective Lifetime

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1)

CVE-2019-13918 9.8 - Critical - September 13, 2019

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

Weak Password Requirements

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1)

CVE-2019-13919 4.3 - Medium - September 13, 2019

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1)

CVE-2019-13920 4.3 - Medium - September 13, 2019

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Session Riding

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1)

CVE-2019-13922 2.7 - Low - September 13, 2019

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known.

Missing Encryption of Sensitive Data

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0)

CVE-2019-6570 8.8 - High - April 17, 2019

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.

Improper Handling of Insufficient Permissions or Privileges
