Risk | High |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2019-13918 CVE-2019-13920 CVE-2019-13922 CVE-2019-13919 |
CWE-ID | CWE-307 CWE-352 CWE-916 CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | SINEMA Remote Connect Server (Server applications / SCADA systems) |
Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU21191
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13918
CWE-ID:
CWE-307 - Improper Restriction of Excessive Authentication Attempts
Exploit availability: No
Description:
Mitigation: Install updates from vendor's website.
Vulnerable software versions: SINEMA Remote Connect Server: before 2.0 SP1
External links:
http://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf
http://www.us-cert.gov/ics/advisories/icsa-19-260-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21193
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13920
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin in some parts of the web application. A remote attacker who is able to trigger requests of a logged-in user to the application can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as switching the connectivity state of a user or a device.
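As an added illustration (not code from the advisory or from SINEMA Remote Connect), the following check is the kind of request-origin validation whose absence the finding describes: state-changing requests are accepted only when the browser-supplied Origin header (or, failing that, Referer) matches the application's own origin, and requests carrying neither header are rejected. The application origin, endpoint and sample requests are constructed placeholders.

```python
# Added example, not part of the advisory or of the vendor's product.
# Defender-side same-origin check for state-changing HTTP requests, the
# control whose absence enables the CSRF described above (e.g. toggling
# a device's connectivity state from an attacker-controlled page).
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def request_origin(headers):
    """Return 'scheme://host[:port]' the request came from, or None.
    Browsers attach Origin to cross-site POSTs; Referer is the fallback."""
    origin = headers.get("Origin")
    if origin and origin.lower() != "null":
        return origin.rstrip("/").lower()
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}".lower()
    return None


def is_same_origin(method, headers, expected_origin):
    """Safe methods pass unconditionally; state-changing methods require
    an exact match of the source origin. A request with no Origin and no
    Referer is treated as cross-site (fail closed)."""
    if method.upper() not in STATE_CHANGING:
        return True
    src = request_origin(headers)
    return src is not None and src == expected_origin.rstrip("/").lower()


APP_ORIGIN = "https://sinema-rc.example"  # constructed placeholder origin

# Constructed requests: the same "toggle connectivity" POST issued from the
# application's own UI, forged from another site, and with no headers.
LEGIT = ("POST", {"Origin": "https://sinema-rc.example", "Cookie": "session=abc"})
FORGED = ("POST", {"Origin": "https://attacker.example", "Cookie": "session=abc"})
NO_ORIGIN = ("POST", {"Cookie": "session=abc"})

if __name__ == "__main__":
    for name, (method, hdrs) in [("legit", LEGIT), ("forged", FORGED),
                                 ("no-origin", NO_ORIGIN)]:
        verdict = "accepted" if is_same_origin(method, hdrs, APP_ORIGIN) else "rejected"
        print(f"{name}: {verdict}")
```

An origin check complements, rather than replaces, a per-session anti-CSRF token; exact string comparison is used deliberately so that look-alike hosts such as a subdomain of an attacker's site do not match.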
Mitigation: Install updates from vendor's website.
Vulnerable software versions: SINEMA Remote Connect Server: before 2.0 SP1
External links:
http://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf
http://www.us-cert.gov/ics/advisories/icsa-19-260-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21194
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13922
CWE-ID:
CWE-916 - Use of Password Hash With Insufficient Computational Effort
Exploit availability: No
Description:
Mitigation: Install updates from vendor's website.
Vulnerable software versions: SINEMA Remote Connect Server: before 2.0 SP1
External links:
http://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf
http://www.us-cert.gov/ics/advisories/icsa-19-260-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21192
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13919
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper access restriction on some pages. A remote authenticated attacker with valid credentials for the web interface can gain unauthorized read access to sensitive information on the system.
Note: The information affected by this vulnerability does not include passwords.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: SINEMA Remote Connect Server: before 2.0 SP1
External links:
http://www.us-cert.gov/ics/advisories/icsa-19-260-02
http://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.