CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

CVE-2022-23102

A vulnerability has been identified in SINEMA Remote Connect Server All versions V2.0. Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks...

CVE-2020-7530

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...

CVE-2020-7531

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user...

CVE-2024-39876

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device...

CVE-2024-39870

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate...

CVE-2024-39872

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate...

CVE-2024-39867

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of...

CVE-2024-39571

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 HF1. Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP...

CVE-2024-39873

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force...

CVE-2024-39567

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.2 HF1. The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker t...

CVE-2024-39868

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of...

CVE-2022-27220

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks...

CISA Releases 12 Industrial Control Systems Advisories

CISA released 12 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactor...

CVE-2025-40819

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...

EUVD-2025-201925

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

EUVD-2025-201924

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...

CVE-2025-40819

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...

CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

CVE-2025-40819

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...