VYPR

Sinema Remote Connect Server

by Siemens Foundation

CVEs (59)

  • CVE-2024-39868Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN…

  • CVE-2024-39867Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device…

  • CVE-2024-39866Jul 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files…

  • CVE-2024-39571Jul 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to…

  • CVE-2024-39570Jul 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to…

  • CVE-2024-39569Jul 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an…

  • CVE-2024-39568Jul 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an…

  • CVE-2024-39567Jul 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an…

  • CVE-2022-32257Mar 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to…

  • CVE-2024-22045Mar 12, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This…

  • CVE-2022-32262Jun 14, 2022
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.

  • CVE-2022-32261Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.

  • CVE-2022-32260Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in…

  • CVE-2022-32259Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture…

  • CVE-2022-32258Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.

  • CVE-2022-32256Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.

  • CVE-2022-32255Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.

  • CVE-2022-32254Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an…

  • CVE-2022-32253Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker.

  • CVE-2022-32252Jun 14, 2022
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to…