ID
VAR-202403-0635
CVE
CVE-2022-32257
TITLE
Siemens' SINEMA Remote Connect Server access control vulnerabilities in
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. Siemens' SINEMA Remote Connect Server contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks
Trust: 2.16
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | sinema remote connect server | scope: | lt | version: | 3.2 | Trust: 1.0 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | eq | version: | 3.2 | Trust: 0.8 |
| vendor: | siemens | model: | sinema remote connect server | scope: | lt | version: | v3.2 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-284 | Trust: 1.0 |
| problemtype: | Inappropriate access control (CWE-284) [ others ] | Trust: 0.8 |
PATCH
| title: | Patch for Siemens SINEMA Remote Connect Server Access Control Error Vulnerability (CNVD-2024-13805) | url: | https://www.cnvd.org.cn/patchinfo/show/534551 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-32257 | Trust: 3.2 |
| db: | SIEMENS | id: | SSA-576771 | Trust: 2.4 |
| db: | JVN | id: | JVNVU93656033 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-24-074-03 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-025078 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2024-13805 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-576771.html | Trust: 2.4 |
| url: | https://jvn.jp/vu/jvnvu93656033/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32257 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-03 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2024-13805 |
| db: | JVNDB | id: | JVNDB-2022-025078 |
| db: | NVD | id: | CVE-2022-32257 |
LAST UPDATE DATE
2024-04-19T20:42:10.148000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-13805 | date: | 2024-03-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-025078 | date: | 2024-03-27T00:50:00 |
| db: | NVD | id: | CVE-2022-32257 | date: | 2024-03-25T16:29:15.437 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-13805 | date: | 2024-03-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-025078 | date: | 2024-03-27T00:00:00 |
| db: | NVD | id: | CVE-2022-32257 | date: | 2024-03-12T11:15:45.210 |