VYPR

Sinema Remote Connect Server

by Siemens Foundation

CVEs (59)

  • CVE-2016-6204MedJul 22, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2021-22925MedAug 5, 2021
    risk 0.27cvss 5.3epss 0.05

    curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized…

  • CVE-2024-39865Jul 9, 2024
    risk 0.01cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This…

  • CVE-2022-29034Jun 14, 2022
    risk 0.01cvss epss 0.28

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site…

  • CVE-2025-40819Dec 9, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations…

  • CVE-2025-40818Dec 9, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an…

  • CVE-2025-30176May 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2025-30175May 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2025-30174May 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2024-42345Sep 10, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor…

  • CVE-2024-42344Sep 10, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to…

  • CVE-2024-32006Sep 10, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication.

  • CVE-2024-39876Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the…

  • CVE-2024-39875Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.

  • CVE-2024-39874Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user…

  • CVE-2024-39873Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are…

  • CVE-2024-39872Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware…

  • CVE-2024-39871Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the…

  • CVE-2024-39870Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as…

  • CVE-2024-39869Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover…

Page 1 of 3