CVE-2019-13920 — Cross-Site Request Forgery in Siemens Sinema Remote Connect Server

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 69.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server Siemens AG Sinema Remote Connect Server

Timeline

PublishedSep 13

Latest updateMay 24

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulner…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsiemens/sinema_remote_connect_server2.0+1

▶CVEListV5siemens_ag/sinema_remote_connect_serverAll versions < V2.0 SP1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-45pv-27p7-gvfx: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2022-05-24

▶

CVEList

CVE-2019-13920: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2019-09-13

▶