#VU64431 Input validation error in SINEMA Remote Connect Server - CVE-2022-32253

Cybersecurity Help s.r.o.

Published: 2022-06-16

Vulnerability identifier: #VU64431

Vulnerability risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-32253

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SINEMA Remote Connect Server
Server applications / SCADA systems

Vendor: Siemens

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input. A remote administrator can print the OpenSSL certificate's password to a reachable file.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: before 3.1

External links
https://cert-portal.siemens.com/productcert/txt/ssa-484086.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SINEMA Remote Connect Server