CVSS3: 9.8 High
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 10 High (Confidence: High)
CVSS2: 9.3 High
Access Vector: NETWORK; Access Complexity: MEDIUM; Authentication: NONE; Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.025 Low (Percentile: 89.9%)
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, disclose information, or allow code execution.
The following Siemens products are affected:
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse. Errors in the logic could lead to libcurl reusing wrong connections.
3.2.2 USE OF UNINITIALIZED RESOURCE CWE-908
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. Due to a flaw in the option parser, libcurl could pass on uninitialized data from a stack-based buffer to the server, revealing sensitive internal information to the server.
CVE-2021-22925 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
In Expat, also called libexpat, versions prior to 2.4.3 a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior.
CVE-2021-45960 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
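The pattern behind this class of bug, a table size computed as a left shift and then passed to realloc, is shown below as an added example. It is not Expat's code. The names (entry_t, table_t, table_grow), the 8-byte entry and the 32-bit size arithmetic are assumptions chosen so that a shift by 29 wraps the byte count to zero on any host.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 8-byte table entry (constructed for this example). */
typedef struct { uint32_t hash; uint32_t version; } entry_t;
typedef struct { entry_t *slots; unsigned power; } table_t;

/* Unchecked form: byte count = (1 << power) * sizeof(entry), computed in
 * 32-bit arithmetic to model a 32-bit size type. Unsigned math is used so
 * the wrap is well defined here; with a signed int it would be undefined. */
uint32_t table_bytes_unchecked(unsigned power)
{
    uint32_t count = (uint32_t)1 << (power & 31);
    return count * (uint32_t)sizeof(entry_t);   /* wraps modulo 2^32 */
}

/* Checked form: reject a shift as wide as the type and any product that
 * does not fit in 32 bits. Returns 0 on success, -1 on rejection. */
int table_bytes_checked(unsigned power, size_t *out)
{
    if (power >= sizeof(uint32_t) * CHAR_BIT)
        return -1;
    uint32_t count = (uint32_t)1 << power;
    if (count > UINT32_MAX / sizeof(entry_t))
        return -1;
    *out = (size_t)count * sizeof(entry_t);
    return 0;
}

/* Grow the table to 2^new_power entries. On any failure the old table is
 * left untouched, so callers never index past a too-small allocation. */
int table_grow(table_t *t, unsigned new_power)
{
    size_t bytes;
    if (t->slots && new_power <= t->power)
        return 0;
    if (table_bytes_checked(new_power, &bytes) != 0)
        return -1;
    entry_t *p = realloc(t->slots, bytes);
    if (p == NULL)
        return -1;
    t->slots = p;
    t->power = new_power;
    return 0;
}

int main(void)
{
    size_t bytes;
    for (unsigned power = 27; power <= 30; power++) {
        int ok = table_bytes_checked(power, &bytes) == 0;
        printf("power=%u unchecked=%lu checked=%s\n", power,
               (unsigned long)table_bytes_unchecked(power),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

With the unchecked computation a shift by 29 asks realloc for 0 bytes while the caller still believes the table holds 2^29 entries; the checked path rejects the request before realloc is reached.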
In doProlog in xmlparse.c in Expat, also called libexpat, versions prior to 2.4.3, an integer overflow exists for m_groupSize.
CVE-2021-46143 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
addBinding in xmlparse.c in Expat, also called libexpat, has an integer overflow in versions prior to 2.4.3.
CVE-2022-22822 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
build_model in xmlparse.c in Expat, also called libexpat, has an integer overflow in versions prior to 2.4.3.
CVE-2022-22823 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
defineAttribute in xmlparse.c in Expat, also called libexpat, has an integer overflow in versions prior to 2.4.3.
CVE-2022-22824 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
lookup in xmlparse.c in Expat, also called libexpat, has an integer overflow in versions prior to 2.4.3.
CVE-2022-22825 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
nextScaffoldPart in xmlparse.c in Expat, also called libexpat, has an integer overflow in versions prior to 2.4.3.
CVE-2022-22826 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
storeAtts in xmlparse.c in Expat, also called libexpat, has an integer overflow in versions prior to 2.4.3.
CVE-2022-22827 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Expat, also called libexpat, versions prior to 2.4.4 have a signed integer overflow in XML_GetBuffer for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2022-23852 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Expat, also called libexpat, versions prior to 2.4.4 have an integer overflow in the doProlog function.
CVE-2022-23990 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
xmltok_impl.c in Expat, also called libexpat, versions prior to 2.4.5 lack a certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-25235 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
xmlparse.c in Expat, also called libexpat, versions prior to 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-25236 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
In Expat, also called libexpat, versions prior to 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25313 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).
In Expat, also called libexpat, versions prior to 2.4.5, there is an integer overflow in copyString.
CVE-2022-25314 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
In Expat, also called libexpat, versions prior to 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-25315 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker employing a machine-in-the-middle attack could obtain plaintext secret values by observing length differences during a series of guesses, in which a string in an HTTP request URL matches an unknown string in an HTTP response body (i.e., BREACH attack).
CVE-2022-27221 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
An error message pop-up window in the web interface of the affected application does not prevent injection of JavaScript code, allowing reflected cross-site scripting attacks.
CVE-2022-29034 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain privileges of an administrative user.
CVE-2022-32251 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The application does not perform an integrity check of update packages. Without validation, an admin user could be tricked into installing a malicious package, granting root privileges to an attacker.
CVE-2022-32252 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
Due to improper input validation, the OpenSSL certificate’s password could be printed to a file reachable by an attacker.
CVE-2022-32253 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information.
CVE-2022-32254 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
The affected application’s web service lacks proper access control for some endpoints. This vulnerability could lead to unauthorized access to information.
CVE-2022-32255 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
The affected application’s web service lacks proper access control for some endpoints. This could allow low-privileged users to access privileged information.
CVE-2022-32256 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
The affected application allows the import of device configurations via a specific endpoint, which could allow information disclosure.
CVE-2022-32258 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and tamper with test configuration.
CVE-2022-32259 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass.
CVE-2022-32260 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
The affected application contains a misconfiguration in the APT update. This vulnerability could allow an attacker to add insecure packages to the application.
CVE-2022-32261 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
The affected application contains a file upload server vulnerable to command injection. An attacker could exploit this vulnerability to achieve arbitrary code execution.
CVE-2022-32262 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Siemens notified CISA of these vulnerabilities.
Siemens recommends updating the products to the latest version of their software:
The update of SINEMA Remote Connect Server to v3.1 also contains additional fixes for vulnerabilities documented in the following Siemens Security Advisories:
For further inquiries on security vulnerabilities in Siemens products and solutions, contact Siemens.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For more information, see Siemens Security Advisory SSA-484086.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/ics in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.