Lucene search

SiemensVULNRICHMENT:CVE-2022-32259

HistoryJun 14, 2022 - 9:22 a.m.

CVE-2022-32259

2022-06-1409:22:12

CWE-1244

siemens

github.com

vulnerability

sinema remote connect server

unit test scripts

sensitive information

attacker

testing architecture

test configuration

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
    ],
    "vendor": "siemens",
    "product": "sinema_remote_connect_server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-484086.html

cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-32259