Siemens Sinema Remote Connect Server vulnerabilities

CVE-2022-32262 [CRITICAL] CWE-77 CVE-2022-32262: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affec A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.

CVE-2022-32252 [HIGH] CWE-345 CVE-2022-32252: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The appli A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker.

CVE-2022-32261 [HIGH] CWE-233 CVE-2022-32261: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affec A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.

CVE-2022-32253 [HIGH] CWE-20 CVE-2022-32253: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to im A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker.

CVE-2022-32258 [HIGH] CWE-448 CVE-2022-32258: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affec A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.

CVE-2022-32254 [HIGH] CWE-532 CVE-2022-32254: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customi A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.

CVE-2022-29034 [MEDIUM] CWE-79 CVE-2022-29034: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.

CVE-2022-32256 [MEDIUM] CWE-284 CVE-2022-32256: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affec A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.

CVE-2022-32259 [MEDIUM] CWE-1244 CVE-2022-32259: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The syste A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.

CVE-2022-27221 [MEDIUM] CWE-203 CVE-2022-27221: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attack A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.

CVE-2022-27219 [MEDIUM] CWE-358 CVE-2022-27219: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affec A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

CVE-2022-27220 [MEDIUM] CWE-358 CVE-2022-27220: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affec A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

CVE-2022-32255 [MEDIUM] CWE-284 CVE-2022-32255: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affec A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.

CVE-2022-25315 [CRITICAL] CWE-190 CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVE-2022-25314 [HIGH] CWE-190 CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

CVE-2022-25313 [MEDIUM] CWE-674 CVE-2022-25313: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

CVE-2022-25235 [CRITICAL] CWE-116 CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as che xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVE-2022-25236 [CRITICAL] CWE-668 CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator chara xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

CVE-2022-23102 [MEDIUM] CWE-601 CVE-2022-23102: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.

CVE-2022-23990 [HIGH] CWE-190 CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.