CVE-2022-32259 — Internal Asset Exposed to Unsafe Debug Access Level or State in Siemens Sinema Remote Connect Server

CWE-1244 — Internal Asset Exposed to Unsafe Debug Access Level or State CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 59.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server

Timeline

PublishedJun 14

Latest updateJun 15

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5siemens/sinema_remote_connect_server< V3.1

▶NVDsiemens/sinema_remote_connect_server< 3.1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-h7cv-65j5-5g78: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2022-06-15

▶

CVEList

CVE-2022-32259: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2022-06-14

▶