cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42345,https://securityvulnerability.io/vulnerability/CVE-2024-42345,Remote Access Vulnerability in SINEMA Remote Connect Server Could Allow Circumvention of Additional Multi-Factor Authentication,A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment.,Siemens,Sinema Remote Connect Server,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-09-10T09:36:48.651Z,0
CVE-2024-39876,https://securityvulnerability.io/vulnerability/CVE-2024-39876,Denial of Service Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability exists in SINEMA Remote Connect Server versions prior to V3.2 SP1 due to improper log rotation handling. This flaw could be exploited by unauthenticated remote attackers to deplete system resources, leading to a denial of service condition that disrupts the availability of the device. It is crucial for affected users to apply necessary updates to mitigate potential risks.",Siemens,Sinema Remote Connect Server,4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39571,https://securityvulnerability.io/vulnerability/CVE-2024-39571,Command Injection Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability has been identified in SINEMA Remote Connect Server, where all versions prior to V3.2 HF1 are susceptible to command injection. This weakness arises from insufficient server-side input sanitation when handling SNMP configurations. An attacker with permissions to alter the SNMP configuration can potentially execute arbitrary code with root privileges, posing significant risks to the system's integrity and security. Organizations using affected versions are advised to implement security measures and upgrade to secure versions promptly.",Siemens,Sinema Remote Connect Server,8.8,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39570,https://securityvulnerability.io/vulnerability/CVE-2024-39570,Command Injection Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability exists in the SINEMA Remote Connect Server, which affects all versions prior to V3.2 HF1. This vulnerability stems from inadequate server-side input sanitation when processing VxLAN configurations. As a result, authenticated attackers can exploit this flaw to execute arbitrary commands with root privileges, posing a significant threat to the system's integrity and security.",Siemens,Sinema Remote Connect Server,8.8,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39875,https://securityvulnerability.io/vulnerability/CVE-2024-39875,Information Disclosure Vulnerability in SINEMA Remote Connect Server by Siemens,"An information disclosure vulnerability has been identified in SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP1. This vulnerability allows authenticated users with low privileges who possess the 'Manage own remote connections' permission to access sensitive information, including details about other users and their group memberships. This may lead to unauthorized visibility of user data, posing potential risks to user privacy and security.",Siemens,Sinema Remote Connect Server,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39874,https://securityvulnerability.io/vulnerability/CVE-2024-39874,Brute Force Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability has been identified in SINEMA Remote Connect Server that allows attackers to exploit the absence of proper brute force protection in the Client Communication component. This flaw enables unauthorized access by allowing multiple attempts to guess user credentials, thereby exposing sensitive user information. Organizations utilizing this platform are urged to evaluate their security measures and update to the latest software version to mitigate potential risks.",Siemens,Sinema Remote Connect Server,7.5,HIGH,0.0009699999936856329,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39871,https://securityvulnerability.io/vulnerability/CVE-2024-39871,Access Control Vulnerability in SINEMA Remote Connect Server by Siemens,A security risk has been identified in the SINEMA Remote Connect Server where the application fails to properly enforce separation of permissions. An authenticated attacker with device management rights can exploit this flaw to access and modify settings pertaining to participant groups that they should not have permission to manage. This could lead to unauthorized access to sensitive configurations and control over communication relations within the system.,Siemens,Sinema Remote Connect Server,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39868,https://securityvulnerability.io/vulnerability/CVE-2024-39868,Unauthenticated Access Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability has been identified in all versions of SINEMA Remote Connect Server prior to V3.2 SP1. This vulnerability arises due to inadequate validation of user authentication on the web interface. As a consequence, an attacker without any authentication could exploit this flaw to access and modify VxLAN configuration settings of networks, potentially impacting network integrity and security. It is crucial for users of the affected product to assess their systems and apply necessary updates to mitigate any potential risks.",Siemens,Sinema Remote Connect Server,7.3,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39873,https://securityvulnerability.io/vulnerability/CVE-2024-39873,Brute Force Vulnerability in SINEMA Remote Connect Server by Siemens,"A security vulnerability exists in SINEMA Remote Connect Server due to inadequate brute force protection mechanisms in its web API. This weakness enables potential attackers to exploit the affected application and perform brute force attempts to retrieve valid user credentials. Users running versions prior to V3.2 SP1 of this server software may face increased risks of unauthorized access to sensitive information, making rapid remediation essential.",Siemens,Sinema Remote Connect Server,7.5,HIGH,0.0009699999936856329,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39872,https://securityvulnerability.io/vulnerability/CVE-2024-39872,Privilege Escalation Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability in SINEMA Remote Connect Server has been identified, impacting all versions prior to 3.2 SP1. This issue arises from improper assignment of rights to temporary files generated during the application's update process. As a result, an attacker with the 'Manage firmware updates' permission can potentially escalate privileges to the underlying operating system, posing significant security risks.",Siemens,Sinema Remote Connect Server,9.9,CRITICAL,0.0004900000058114529,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39870,https://securityvulnerability.io/vulnerability/CVE-2024-39870,Local User Privilege Escalation in SINEMA Remote Connect Server by Siemens,"A vulnerability has been detected in SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP1. This vulnerability allows a local authenticated user with privileges to manage user accounts to exploit the application by modifying user details outside their designated permissions. This capability can lead to unauthorized privilege escalation, compromising the system's integrity and potentially allowing attackers to gain elevated access to sensitive resources.",Siemens,Sinema Remote Connect Server,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39869,https://securityvulnerability.io/vulnerability/CVE-2024-39869,Denial of Service Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability in SINEMA Remote Connect Server allows authenticated users to upload malicious certificates, resulting in a permanent denial-of-service condition. Once exploited, recovery requires manual removal of the harmful certificate, potentially disrupting services and access for legitimate users. Organizations using affected versions must take immediate action to secure their systems and prevent exploitation.",Siemens,Sinema Remote Connect Server,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39867,https://securityvulnerability.io/vulnerability/CVE-2024-39867,Authentication Bypass Vulnerability in SINEMA Remote Connect Server by Siemens,"A significant vulnerability has been identified in the SINEMA Remote Connect Server, specifically affecting all versions prior to V3.2 SP1. The flaw arises due to improper validation of authentication mechanisms within the web interface, which may allow an unauthorized individual to gain access to and modify sensitive device configuration data. This oversight poses critical risks to the integrity and security of the systems using the affected versions, emphasizing the urgency for users to implement necessary updates and mitigations.",Siemens,Sinema Remote Connect Server,7.3,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39866,https://securityvulnerability.io/vulnerability/CVE-2024-39866,Security Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability exists in the SINEMA Remote Connect Server that affects all versions prior to V3.2 SP1. This vulnerability arises from the application's handling of encrypted backup files, allowing an attacker who has access to the backup encryption key and the necessary permissions to upload such files. By exploiting this flaw, the attacker can create a user with administrative privileges, leading to a potential takeover of the server environment. Organizations using this product are encouraged to review their backup file handling procedures and apply any necessary security updates to mitigate this risk.",Siemens,Sinema Remote Connect Server,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39865,https://securityvulnerability.io/vulnerability/CVE-2024-39865,Path Traversal Vulnerability in SINEMA Remote Connect Server by Siemens,"A security vulnerability has been identified in SINEMA Remote Connect Server versions prior to V3.2 SP1. This vulnerability arises from inadequate validation during the restoration of files from encrypted backups. Attackers with access to the backup encryption key can exploit this issue by uploading malicious files. This could potentially allow unauthorized remote code execution, posing significant risks to systems utilizing the affected version of SINEMA Remote Connect Server.",Siemens,Sinema Remote Connect Server,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2022-32257,https://securityvulnerability.io/vulnerability/CVE-2022-32257,Unauthorized Access to Resources and Code Execution Vulnerability,"A vulnerability exists in the SINEMA Remote Connect Server, affecting all versions prior to 3.2. This issue stems from the inadequate access controls implemented in the web service, which may allow unauthorized actors to gain access to sensitive resources. The lack of appropriate restrictions on certain endpoints could enable attackers to execute arbitrary code, thereby posing significant risks to the integrity and confidentiality of the system.",Siemens,Sinema Remote Connect Server,9.8,CRITICAL,0.0010100000072270632,false,,false,false,false,,false,false,2024-03-12T10:41:49.947Z,0
CVE-2022-32262,https://securityvulnerability.io/vulnerability/CVE-2022-32262,Command Injection Vulnerability in SINEMA Remote Connect Server by Siemens,"A command injection vulnerability exists in SINEMA Remote Connect Server, affecting all versions prior to 3.1. The application contains a file upload server that allows attackers to exploit this vulnerability, potentially leading to arbitrary code execution. If successfully executed, this could allow unauthorized users to execute malicious commands on the server, posing serious risks to data integrity and system security.",Siemens,Sinema Remote Connect Server,8.8,HIGH,0.0018500000005587935,false,,false,false,false,,false,false,2022-06-14T09:22:17.000Z,0
CVE-2022-32261,https://securityvulnerability.io/vulnerability/CVE-2022-32261,Misconfiguration in SINEMA Remote Connect Server Affects Siemens Products,"A vulnerability has been found in the SINEMA Remote Connect Server affecting all versions prior to 3.1. This misconfiguration in the APT update mechanism allows an attacker to potentially introduce insecure packages into the application, compromising the integrity and security posture of affected systems. It is vital for users of this software to assess their current version and implement appropriate security measures.",Siemens,Sinema Remote Connect Server,5.3,MEDIUM,0.0007900000200606883,false,,false,false,false,,false,false,2022-06-14T09:22:16.000Z,0
CVE-2022-32260,https://securityvulnerability.io/vulnerability/CVE-2022-32260,Authentication Bypass Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability exists in the SINEMA Remote Connect Server that allows for authentication bypass due to the improper creation of temporary user credentials for UMC (User Management Component) users. This flaw enables an attacker to exploit these temporary credentials in specific scenarios, potentially leading to unauthorized access to sensitive functions or data.",Siemens,Sinema Remote Connect Server,6.5,MEDIUM,0.002219999907538295,false,,false,false,false,,false,false,2022-06-14T09:22:14.000Z,0
CVE-2022-32259,https://securityvulnerability.io/vulnerability/CVE-2022-32259,Sensitive Information Exposure in SINEMA Remote Connect Server by Siemens,"A vulnerability has been discovered in the SINEMA Remote Connect Server that affects all versions prior to 3.1. The installation or update images of the application contain unit test scripts that expose sensitive information, including details about the testing architecture. This could potentially allow an attacker to manipulate the test configurations and gain unauthorized insights, posing risks to the security and integrity of the system.",Siemens,Sinema Remote Connect Server,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,false,false,2022-06-14T09:22:12.000Z,0
CVE-2022-32258,https://securityvulnerability.io/vulnerability/CVE-2022-32258,Information Disclosure Vulnerability in SINEMA Remote Connect Server by Siemens,"A vulnerability has been identified in the SINEMA Remote Connect Server that affects all versions prior to 3.1. This weakness stems from an outdated feature allowing device configuration imports through a specific endpoint. If exploited, this vulnerability could lead to the disclosure of sensitive information, potentially compromising the security of the environment where the application is deployed.",Siemens,Sinema Remote Connect Server,5.3,MEDIUM,0.0020800000056624413,false,,false,false,false,,false,false,2022-06-14T09:22:10.000Z,0
CVE-2022-32256,https://securityvulnerability.io/vulnerability/CVE-2022-32256,Access Control Vulnerability in SINEMA Remote Connect Server by Siemens,"A security flaw has been discovered in the SINEMA Remote Connect Server prior to version 3.1. This vulnerability arises from insufficient access control measures, which allow low privileged users to gain access to endpoints intended for higher privileges. If exploited, this loophole could expose sensitive data, potentially compromising the integrity of operations that rely on the confidentiality of privileged information.",Siemens,Sinema Remote Connect Server,4.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-06-14T09:22:09.000Z,0
CVE-2022-32255,https://securityvulnerability.io/vulnerability/CVE-2022-32255,Access Control Flaw in SINEMA Remote Connect Server by Siemens,"A vulnerability in the SINEMA Remote Connect Server (all versions prior to V3.1) has been detected due to inadequate access control measures for certain web service endpoints. This flaw could enable unauthorized users to gain access to restricted information, potentially compromising the system's integrity and security. It is critical for users to evaluate their versions and implement necessary security measures to mitigate risks associated with this vulnerability.",Siemens,Sinema Remote Connect Server,5.3,MEDIUM,0.0007900000200606883,false,,false,false,false,,false,false,2022-06-14T09:22:07.000Z,0
CVE-2022-32254,https://securityvulnerability.io/vulnerability/CVE-2022-32254,Log File Exposure in SINEMA Remote Connect Server by Siemens,"A vulnerability in SINEMA Remote Connect Server versions prior to 3.1 allows for a specially crafted HTTP POST request that can result in sensitive user information being logged. This exposure might provide valuable insights to potential attackers, posing risks to user privacy and security.",Siemens,Sinema Remote Connect Server,4.3,MEDIUM,0.0016199999954551458,false,,false,false,false,,false,false,2022-06-14T09:22:06.000Z,0
CVE-2022-32253,https://securityvulnerability.io/vulnerability/CVE-2022-32253,Input Validation Flaw in SINEMA Remote Connect Server by Siemens,"A significant vulnerability has been identified in SINEMA Remote Connect Server versions prior to 3.1 due to insufficient input validation mechanisms. This issue allows attackers to potentially access sensitive data, as the password for OpenSSL certificates could be unintentionally logged to a file that is accessible by unauthorized users. This exposure poses a serious security risk, as it may lead to unauthorized access and compromise of secure communications.",Siemens,Sinema Remote Connect Server,4.9,MEDIUM,0.0009699999936856329,false,,false,false,false,,false,false,2022-06-14T09:22:04.000Z,0