CVE-2019-6570 — Improper Handling of Insufficient Permissions or Privileges in Siemens Sinema Remote Connect Server

CWE-280 — Improper Handling of Insufficient Permissions or Privileges CWE-863 — Incorrect Authorization4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 52.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server

Timeline

PublishedApr 17

Latest updateMay 13

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsiemens/sinema_remote_connect_server< 2.0

▶CVEListV5siemens/sinema_remote_connect_serverAll versions < V2.0

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-qp82-v7w8-wfwq: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2022-05-13

▶

CVEList

CVE-2019-6570: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2019-04-17

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2020-6569↗2020-08-25

▶