CVE-2022-29034 — Cross-site Scripting in Siemens Sinema Remote Connect Server

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

7.0%

top 8.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server

Timeline

PublishedJun 14

Latest updateJun 15

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5siemens/sinema_remote_connect_server< V3.1

▶NVDsiemens/sinema_remote_connect_server< 3.1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-q48w-8cwv-r4h4: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2022-06-15

▶

CVEList

CVE-2022-29034: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2022-06-14

▶