CVE-2019-10940Incorrect Privilege Assignment in Siemens Sinema Server

CWE-266Incorrect Privilege AssignmentCWE-269Improper Privilege Management3 documents3 sources
Severity
9.9CRITICALNVD
EPSS
0.2%
top 60.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Sinema ServerSiemens AG Sinema Server
Timeline
PublishedJan 16
Latest updateMay 24

Description

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the v

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

NVDsiemens/sinema_server< 14.0+1
CVEListV5siemens_ag/sinema_serverAll versions < V14.0 SP2 Update 1

🔴Vulnerability Details

2
GHSA
GHSA-8vxr-h2m2-wf68: A vulnerability has been identified in SINEMA Server (All versions < V142022-05-24
CVEList
CVE-2019-10940: A vulnerability has been identified in SINEMA Server (All versions < V142020-01-16
CVE-2019-10940 — Incorrect Privilege Assignment | cvebase