Siemens Sinema Remote Connect Server vulnerabilities

70 known vulnerabilities affecting siemens/sinema_remote_connect_server.

Total CVEs: 70
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 15, HIGH 28, MEDIUM 24, LOW 3

Vulnerabilities

Page 4 of 4
CVE-2020-25239 | HIGH | CVSS 8.8 | fixed in 3.0 | All versions < V3.0 | 2021-03-15
CVE-2020-25239 [HIGH] CWE-863: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivileged user rights.
cvelistv5, nvd
CVE-2020-25240 | HIGH | CVSS 8.8 | fixed in 3.0 | All versions < V3.0 | 2021-03-15
CVE-2020-25240 [HIGH] CWE-863: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and gain information from logs and templates of the service.
cvelistv5, nvd
CVE-2020-7595 | HIGH | CVSS 7.5 | fixed in 3.0 | 2020-01-21
CVE-2020-7595 [HIGH] CWE-835: xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
nvd
CVE-2019-19956 | HIGH | CVSS 7.5 | fixed in 3.0 | 2019-12-24
CVE-2019-19956 [HIGH] CWE-401: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
nvd
CVE-2019-13918 | CRITICAL | CVSS 9.8 | fixed in 2.0 | v2.0 | 2019-09-13
CVE-2019-13918 [CRITICAL] CWE-307: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full a
nvd
CVE-2019-13919 | MEDIUM | CVSS 4.3 | ≤ 2.0 | v2.0 | 2019-09-13
CVE-2019-13919 [MEDIUM] CWE-284: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction i
nvd
CVE-2019-13920 | MEDIUM | CVSS 4.3 | ≤ 2.0 | v2.0 | 2019-09-13
CVE-2019-13920 [MEDIUM] CWE-352: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability co
nvd
CVE-2019-13922 | LOW | CVSS 2.7 | ≤ 2.0 | v2.0 | 2019-09-13
CVE-2019-13922 [LOW] CWE-311: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of
nvd
CVE-2019-6570 | HIGH | CVSS 8.8 | fixed in 2.0 | All versions < V2.0 | 2019-04-17
CVE-2019-6570 [HIGH] CWE-280: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.
cvelistv5, nvd
CVE-2016-6204 | MEDIUM | CVSS 6.1 | ≤ 1.1 | 2016-07-22
CVE-2016-6204 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd