CVE-2022-27220 — Improperly Implemented Security Check for Standard in Siemens Sinema Remote Connect Server

CWE-358 — Improperly Implemented Security Check for Standard CWE-1021 — UI Misrepresentation / Clickjacking3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 60.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server

Timeline

PublishedJun 14

Latest updateJun 15

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsiemens/sinema_remote_connect_server< 3.0+1

▶CVEListV5siemens/sinema_remote_connect_serverAll versions < V3.0 SP2

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-f7jh-6cq4-46pq: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2022-06-15

▶

CVEList

CVE-2022-27220: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2022-06-14

▶