Sinema Server
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6486 | Hig | 0.51 | 7.8 | 0.00 | Aug 8, 2016 | Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. | ||
| CVE-2019-6575 | Hig | 0.49 | 7.5 | 0.02 | Apr 17, 2019 | A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC… | ||
| CVE-2017-6865 | Med | 0.42 | 6.5 | 0.00 | May 11, 2017 | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC… | ||
| CVE-2016-7165 | Med | 0.42 | 6.4 | 0.00 | Nov 15, 2016 | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS… | ||
| CVE-2023-35796 | 0.00 | — | 0.01 | Oct 10, 2023 | A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting… | |||
| CVE-2022-25311 | 0.00 | — | 0.01 | Mar 8, 2022 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended… | |||
| CVE-2022-24282 | 0.00 | — | 0.01 | Mar 8, 2022 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of… | |||
| CVE-2022-24281 | 0.00 | — | 0.03 | Mar 8, 2022 | A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected… | |||
| CVE-2019-10941 | 0.00 | — | 0.01 | Sep 14, 2021 | A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network… | |||
| CVE-2020-25237 | 0.00 | — | 0.21 | Feb 9, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the… | |||
| CVE-2020-7580 | 0.00 | — | 0.00 | Jun 10, 2020 | A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All… | |||
| CVE-2019-10940 | 0.00 | — | 0.01 | Jan 16, 2020 | A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The… | |||
| CVE-2014-2733 | 0.00 | — | 0.03 | Apr 19, 2014 | Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. | |||
| CVE-2014-2732 | 0.00 | — | 0.04 | Apr 19, 2014 | Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. | |||
| CVE-2014-2731 | 0.00 | — | 0.04 | Apr 19, 2014 | Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. |
- risk 0.51cvss 7.8epss 0.00
Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC…
- risk 0.42cvss 6.5epss 0.00
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC…
- risk 0.42cvss 6.4epss 0.00
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS…
- CVE-2023-35796Oct 10, 2023risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting…
- CVE-2022-25311Mar 8, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended…
- CVE-2022-24282Mar 8, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of…
- CVE-2022-24281Mar 8, 2022risk 0.00cvss —epss 0.03
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected…
- CVE-2019-10941Sep 14, 2021risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network…
- CVE-2020-25237Feb 9, 2021risk 0.00cvss —epss 0.21
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the…
- CVE-2020-7580Jun 10, 2020risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All…
- CVE-2019-10940Jan 16, 2020risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The…
- CVE-2014-2733Apr 19, 2014risk 0.00cvss —epss 0.03
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
- CVE-2014-2732Apr 19, 2014risk 0.00cvss —epss 0.04
Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.
- CVE-2014-2731Apr 19, 2014risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.