Sinema Server Security Vulnerabilities and Issues — Sinema Server CVE List

Lucene search

SiemensSinema Server

17 matches found

CVE•added 2021/09/16 3:15 p.m.•6316 views

CVE-2021-39275

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

9.8CVSS9.3AI score0.46965EPSS

CVE•added 2021/09/16 3:15 p.m.•4436 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9CVSS9.5AI score0.94432EPSS

CVE•added 2021/09/16 3:15 p.m.•1869 views

CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5CVSS8.8AI score0.11686EPSS

CVE•added 2021/03/25 3:15 p.m.•749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS

CVE•added 2021/02/09 5:15 p.m.•205 views

CVE-2020-25237

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is sti...

8.1CVSS7.8AI score0.01422EPSS

CVE•added 2022/03/08 12:15 p.m.•86 views

CVE-2022-25311

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of ...

8.8CVSS6.7AI score0.0019EPSS

CVE•added 2014/04/19 7:55 p.m.•80 views

CVE-2014-2732

Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.

5CVSS7.2AI score0.0035EPSS

CVE•added 2019/04/17 2:29 p.m.•78 views

CVE-2019-6575

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort P...

7.8CVSS7.4AI score0.01329EPSS

CVE•added 2020/06/10 5:15 p.m.•75 views

CVE-2020-7580

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0...

7.2CVSS6.7AI score0.00049EPSS

CVE•added 2017/05/11 10:29 a.m.•68 views

CVE-2017-6865

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TI...

6.5CVSS6AI score0.00084EPSS

CVE•added 2023/10/10 11:15 a.m.•51 views

CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may le...

9CVSS8.5AI score0.00229EPSS

CVE•added 2016/11/15 7:30 p.m.•50 views

CVE-2016-7165

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (Al...

6.9CVSS6.9AI score0.00098EPSS

CVE•added 2020/01/16 4:15 p.m.•50 views

CVE-2019-10940

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerabili...

9.9CVSS8.8AI score0.0018EPSS

CVE•added 2014/04/19 7:55 p.m.•43 views

CVE-2014-2733

Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.

5CVSS6.9AI score0.00376EPSS

CVE•added 2021/09/14 11:15 a.m.•39 views

CVE-2019-10941

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affe...

5.3CVSS5.2AI score0.00184EPSS

CVE•added 2016/08/08 12:59 a.m.•38 views

CVE-2016-6486

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.

7.8CVSS7.5AI score0.00071EPSS

CVE•added 2014/04/19 7:55 p.m.•35 views

CVE-2014-2731

Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.

9.3CVSS8AI score0.02357EPSS