CVE-2019-13922 — Missing Encryption of Sensitive Data in Siemens Sinema Remote Connect Server

CWE-311 — Missing Encryption of Sensitive Data4 documents4 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 73.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server Siemens AG Sinema Remote Connect Server

Timeline

PublishedSep 13

Latest updateMay 24

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶NVDsiemens/sinema_remote_connect_server2.0+1

▶CVEListV5siemens_ag/sinema_remote_connect_serverAll versions < V2.0 SP1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-gr98-g82j-6qxx: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2022-05-24

▶

CVEList

CVE-2019-13922: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2019-09-13

▶

💬Community

Bugzilla

CVE-2019-12435 samba: AD DC Denial of Service in DNS management server↗2019-05-20

▶