CVE-2019-13918 — Improper Restriction of Excessive Authentication Attempts in Siemens Sinema Remote Connect Server

CWE-307 — Improper Restriction of Excessive Authentication Attempts CWE-521 — Weak Password Requirements3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 34.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server Siemens AG Sinema Remote Connect Server

Timeline

PublishedSep 13

Latest updateMay 24

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDsiemens/sinema_remote_connect_server< 2.0+1

▶CVEListV5siemens_ag/sinema_remote_connect_serverAll versions < V2.0 SP1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-hwwf-6wwf-vc9f: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2022-05-24

▶

CVEList

CVE-2019-13918: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2019-09-13

▶