Sign-up

ID

VAR-202512-0065


CVE

CVE-2025-40819


DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations without proper enforcement checks. This could allow with database access to circumvent licensing restrictions by directly modifying database values and potentially enabling unauthorized use beyond the permitted scope.

Trust: 1.0

sources: NVD: CVE-2025-40819

AFFECTED PRODUCTS

vendor:siemensmodel:sinema remote connect serverscope:eqversion:3.2

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.2

Trust: 1.0

sources: NVD: CVE-2025-40819

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-40819
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2025-40819
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-40819

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

sources: NVD: CVE-2025-40819

EXTERNAL IDS

db:SIEMENSid:SSA-626856

Trust: 1.0

db:NVDid:CVE-2025-40819

Trust: 1.0

sources: NVD: CVE-2025-40819

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-626856.html

Trust: 1.0

sources: NVD: CVE-2025-40819

SOURCES

db:NVDid:CVE-2025-40819

LAST UPDATE DATE

2025-12-19T19:39:42.981000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-40819date:2025-12-10T21:42:00.563

SOURCES RELEASE DATE

db:NVDid:CVE-2025-40819date:2025-12-09T16:17:46.223