Siemens Sinema Remote Connect Client vulnerabilities

11 known vulnerabilities affecting siemens/sinema_remote_connect_client.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 3

Vulnerabilities

CVE-2025-30033 | HIGH | CVSS 8.5 | fixed in * | 2025-08-12
CVE-2025-30033 [HIGH] CWE-427: The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.
Sources: cvelistv5, nvd
CVE-2024-33698 | CRITICAL | CVSS 9.3 | fixed in V3.2 SP3 | 2024-09-10
CVE-2024-33698 [CRITICAL] CWE-122: A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totall
Sources: cvelistv5, nvd
CVE-2024-32006 | MEDIUM | CVSS 5.3 | fixed in 3.2 | v3.2 +1 more | 2024-09-10
CVE-2024-32006 [MEDIUM] CWE-613: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication.
Sources: cvelistv5, nvd
CVE-2024-42344 | MEDIUM | CVSS 4.8 | fixed in 3.2 | v3.2 +1 more | 2024-09-10
CVE-2024-42344 [MEDIUM] CWE-532: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.
Sources: cvelistv5, nvd
CVE-2024-39568 | HIGH | CVSS 8.5 | fixed in 3.2 | v3.2 +1 more | 2024-07-09
CVE-2024-39568 [HIGH] CWE-77: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
Sources: cvelistv5, nvd
CVE-2024-39569 | HIGH | CVSS 7.5 | fixed in 3.2 | v3.2 +1 more | 2024-07-09
CVE-2024-39569 [HIGH] CWE-77: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server
Sources: cvelistv5, nvd
CVE-2024-39567 | HIGH | CVSS 8.5 | fixed in 3.2 | v3.2 +1 more | 2024-07-09
CVE-2024-39567 [HIGH] CWE-77: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
Sources: cvelistv5, nvd
CVE-2024-22045 | MEDIUM | CVSS 6.5 | fixed in 3.1 | v3.1 +1 more | 2024-03-12
CVE-2024-22045 [HIGH] CWE-538: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.
Sources: cvelistv5, nvd
CVE-2021-31338 | HIGH | CVSS 7.8 | All versions < V3.0 SP1 | 2021-08-19
CVE-2021-31338 [HIGH] CWE-15: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device.
Sources: cvelistv5, nvd
CVE-2019-3822 | CRITICAL | CVSS 9.8 | ≤ 2.0 | 2019-02-06
CVE-2019-3822 [CRITICAL] CWE-121: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting ov
Sources: nvd
CVE-2018-16890 | HIGH | CVSS 7.5 | ≤ 2.0 | 2019-02-06
CVE-2018-16890 [HIGH] CWE-125: libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could tr
Sources: nvd