A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution.
The application exposes a web service in which some endpoints do not require proper authentication or authorization. An attacker can remotely, without any permissions and without user interaction, send requests to these unprotected endpoints. This allows unauthorized access to sensitive system resources and potentially enables arbitrary code execution on the server.
An attacker can gain unauthorized access to server resources and potentially execute arbitrary code with application privileges, threatening the confidentiality, integrity, and availability of the system.
Siemens SINEMA Remote Connect Server should be updated to version V3.2 or newer. Detailed information about the patch is available in the Siemens security bulletin: https://cert-portal.siemens.com/productcert/html/ssa-576771.html
Siemens SINEMA Remote Connect Server — all versions prior to V3.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSiemens Sinema Remote Connect Server
APPSiemens< 3.2
Related vulnerabilities
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Privilege escalation w SINEMA Remote Connect Server przez tymczasowe pliki aktualizacji
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for wh...
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into...