Sign-up

ID

VAR-202206-0845


CVE

CVE-2022-32254


TITLE

Siemens SINEMA Remote Connect Server Log information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. Attackers can use this vulnerability to obtain sensitive information of users

Trust: 1.08

sources: NVD: CVE-2022-32254 // VULHUB: VHN-424193 // VULMON: CVE-2022-32254

AFFECTED PRODUCTS

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

sources: NVD: CVE-2022-32254

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-32254
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202206-1249
value: HIGH

Trust: 0.6

VULHUB: VHN-424193
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

VULHUB: VHN-424193
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-424193 // NVD: CVE-2022-32254 // CNNVD: CNNVD-202206-1249

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.1

sources: VULHUB: VHN-424193 // NVD: CVE-2022-32254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-32254

PATCH
title:Siemens SINEMA Remote Connect Server Repair measures for log information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=197241
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202206-1249

EXTERNAL IDS
db:NVDid:CVE-2022-32254
Trust: 1.8
db:SIEMENSid:SSA-484086
Trust: 1.8
db:ICS CERTid:ICSA-22-167-17
Trust: 0.7
db:CNNVDid:CNNVD-202206-1249
Trust: 0.6
db:CNVDid:CNVD-2022-45226
Trust: 0.1
db:VULHUBid:VHN-424193
Trust: 0.1
db:VULMONid:CVE-2022-32254
Trust: 0.1
sources:
            
            
            VULHUB: VHN-424193 // 
            
            
            
            VULMON: CVE-2022-32254 // 
            
            
            
            NVD: CVE-2022-32254 // 
            
            
            
            CNNVD: CNNVD-202206-1249

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Trust: 1.8
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-32254/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17
Trust: 0.1
sources:
            
            
            VULHUB: VHN-424193 // 
            
            
            
            VULMON: CVE-2022-32254 // 
            
            
            
            NVD: CVE-2022-32254 // 
            
            
            
            CNNVD: CNNVD-202206-1249

CREDITS
Siemens notified CISA of these vulnerabilities.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202206-1249

SOURCES
db:VULHUBid:VHN-424193
db:VULMONid:CVE-2022-32254
db:NVDid:CVE-2022-32254
db:CNNVDid:CNNVD-202206-1249

LAST UPDATE DATE
2023-12-18T10:52:34.454000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-424193date:2022-06-23T00:00:00
db:VULMONid:CVE-2022-32254date:2022-06-14T00:00:00
db:NVDid:CVE-2022-32254date:2022-06-23T14:11:17.130
db:CNNVDid:CNNVD-202206-1249date:2022-06-30T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-424193date:2022-06-14T00:00:00
db:VULMONid:CVE-2022-32254date:2022-06-14T00:00:00
db:NVDid:CVE-2022-32254date:2022-06-14T10:15:20.867
db:CNNVDid:CNNVD-202206-1249date:2022-06-14T00:00:00