Skip to main content

Sinema Remote Connect Server CVE-2022-27220

MEDIUM
Improperly Implemented Security Check for Standard (CWE-358)
2022-06-14 productcert@siemens.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 14, 2022 - 10:15 nvd
MEDIUM 4.3

DescriptionNVD

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

AnalysisAI

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-358. A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. Affected products include: Siemens Sinema Remote Connect Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-25315 CRITICAL POC
9.8 Feb 18

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Rated critical severity (CVSS 9.8),

CVE-2021-20093 CRITICAL POC
9.1 Jun 16

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. Rated critical severity (CVSS 9.1),

CVE-2021-40438 CRITICAL POC
9.0 Sep 16

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.4

CVE-2022-29034 MEDIUM POC
6.1 Jun 14

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6

CVE-2022-32262 CRITICAL
9.8 Jun 14

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated critical severity (CVSS

CVE-2022-32260 CRITICAL
9.8 Jun 14

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated critical severity (

CVE-2022-32251 CRITICAL
9.8 Jun 14

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated critical severity (CVSS

CVE-2019-13918 CRITICAL
9.8 Sep 13

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Rated critical severity (

CVE-2024-39872 CRITICAL
9.3 Jul 09

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated critical severity (

CVE-2019-6570 HIGH
8.8 Apr 17

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Rated high severity (CVSS 8.8

CVE-2024-39874 HIGH
8.7 Jul 09

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated high severity (CVSS

CVE-2024-39873 HIGH
8.7 Jul 09

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated high severity (CVSS

Share

CVE-2022-27220 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy