Multiple vulnerabilities in Siemens SINEMA Remote Connect Server

Published: 2019-09-18 | Updated: 2019-09-18
Severity: High
Patch available: YES
Number of vulnerabilities: 4
CVE ID: CVE-2019-13918, CVE-2019-13920, CVE-2019-13922, CVE-2019-13919
CWE ID: CWE-307, CWE-352, CWE-916, CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: SINEMA Remote Connect Server
Vendor: Siemens

Security Advisory

1) Improper restriction of excessive authentication attempts

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13918

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Description

The vulnerability allows a remote attacker to gain access to the web interface.

The vulnerability exists because the web interface has no means to prevent password guessing attacks. A remote attacker can gain full access to the web interface.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: -


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site request forgery

Severity: Low

CVSSv3: 6 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13920

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in some parts of the web application. A remote attacker who is able to trigger requests of a logged-in user to the application can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as switching the connectivity state of a user or a device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: -


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of password hash with insufficient computational effort

Severity: Medium

CVSSv3: 5.8 [CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13922

CWE-ID: CWE-916 - Use of Password Hash With Insufficient Computational Effort

Description

The vulnerability allows a remote attacker to access privileged user and device information.

The vulnerability exists because the software generates a hash for a password but uses a scheme that does not provide a sufficient level of computational effort. A remote authenticated administrator can obtain the hash of a connected device’s password.
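What "sufficient computational effort" means in practice is a salted, deliberately slow key-derivation function whose cost is stored with the hash so it can be raised later. The following is an added example, not the scheme the product uses before or after the update: it assumes PBKDF2-HMAC-SHA256 from the Python standard library, and the storage format and iteration count are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumption: tune to the hardware that verifies logins


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Return 'scheme$iterations$salt$hash' with a fresh random salt."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(derived).decode()])


def verify_password(password, stored):
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        scheme, iterations, salt_b64, hash_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
    except ValueError:
        return False               # malformed or legacy record: never matches
    if scheme != SCHEME or iterations < 1:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(derived, expected)


def needs_rehash(stored, iterations=DEFAULT_ITERATIONS):
    """True for legacy formats or records hashed at a lower cost than current."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True
```

Calling needs_rehash after a successful login lets records created with a fast or low-cost scheme be upgraded without forcing a password reset.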

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: -


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13919

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper access restriction on some pages. A remote authenticated attacker with valid credentials for the web interface can gain unauthorized read access to sensitive information on the system.

Note: The information affected by this vulnerability does not include passwords.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: -


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.