Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-23102 — Open Redirect in Siemens Sinema Remote Connect Server

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

4.9%

top 10.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Siemens Sinema Remote Connect Server

Timeline

PublishedFeb 9

Latest updateFeb 10

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDsiemens/sinema_remote_connect_server2.0

▶CVEListV5siemens/sinema_remote_connect_serverAll versions < V2.0

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-9wrg-64cr-9jvf: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2022-02-10

▶

CVEList

CVE-2022-23102: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2↗2022-02-09

▶

💥Exploits & PoCs

Nuclei

SINEMA Remote Connect Server < V2.0 - Open Redirect

▶