CVE-2019-13919 — Improper Access Control in Siemens Sinema Remote Connect Server

CWE-284 — Improper Access Control3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 64.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server Siemens AG Sinema Remote Connect Server

Timeline

PublishedSep 13

Latest updateMay 24

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not in…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsiemens/sinema_remote_connect_server2.0+1

▶CVEListV5siemens_ag/sinema_remote_connect_serverAll versions < V2.0 SP1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-jh5g-jg5m-7x4q: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2022-05-24

▶

CVEList

CVE-2019-13919: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2019-09-13

▶