VYPR

Sinema Remote Connect Server

by Siemens Foundation

CVEs (59)

  • CVE-2022-32251Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and…

  • CVE-2022-27221Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially…

  • CVE-2022-27220Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking,…

  • CVE-2022-27219Jun 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking,…

  • CVE-2022-23102Feb 9, 2022
    risk 0.00cvss epss 0.05

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing…

  • CVE-2021-37193Sep 14, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).

  • CVE-2021-37192Sep 14, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.

  • CVE-2021-37190Sep 14, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

  • CVE-2021-37191Sep 14, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.

  • CVE-2021-37183Sep 14, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these…

  • CVE-2021-37177Sep 14, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system.

  • CVE-2021-31338Aug 19, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device.

  • CVE-2020-25240Mar 15, 2021
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the service.

  • CVE-2020-25239Mar 15, 2021
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker…

  • CVE-2019-13918Sep 13, 2019
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no…

  • CVE-2019-13919Sep 13, 2019
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network…

  • CVE-2019-13920Sep 13, 2019
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to…

  • CVE-2019-13922Sep 13, 2019
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the…

  • CVE-2019-6570Apr 17, 2019
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to…

Page 3 of 3