Siemens Ag Sinema Remote Connect Server vulnerabilities

4 known vulnerabilities affecting siemens_ag/sinema_remote_connect_server.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2019-13918CRITICALCVSS 9.8vAll versions < V2.0 SP12019-09-13
CVE-2019-13918 [CRITICAL] CWE-307 CVE-2019-13918: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The w A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full a
cvelistv5nvd
CVE-2019-13919MEDIUMCVSS 4.3vAll versions < V2.0 SP12019-09-13
CVE-2019-13919 [MEDIUM] CWE-284 CVE-2019-13919: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction i
cvelistv5nvd
CVE-2019-13920MEDIUMCVSS 4.3vAll versions < V2.0 SP12019-09-13
CVE-2019-13920 [MEDIUM] CWE-352 CVE-2019-13920: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability co
cvelistv5nvd
CVE-2019-13922LOWCVSS 2.7vAll versions < V2.0 SP12019-09-13
CVE-2019-13922 [LOW] CWE-311 CVE-2019-13922: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An at A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of
cvelistv5nvd