SIEMENS-SSA-484086  ·  Published 2024-07-09

SSA-484086 V1.1 (Last Update: 2024-07-09): Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1

CVSS 9.8 CRITICAL

Risk Summary

SINEMA Remote Connect Server is affected by multiple vulnerabilities, including

  • A cross-site scripting vulnerability in an error message pop-up window (CVE-2022-29034)
  • Several authentication bypass, privilege escalation and integrity check vulnerabilities (CVE-2022-32251 through -32261)
  • A command injection vulnerability in the file upload service (CVE-2022-32262)
  • A chosen-plaintext attack against HTTP over TLS (“BREACH”, CVE-2022-27221)
  • Information disclosure vulnerabilities in the curl component (CVE-2021-22924 through -22925)
  • Several vulnerabilities in the libexpat library that could be exploited when the server is parsing untrusted XML files (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822 through -22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235 through -25236, CVE-2022-25313 through -25315).

Siemens has released an update for the SINEMA Remote Connect Server and recommends to update to the latest versio

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-484086 V1.1 (Last Update: 2024-07-09): Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1
