Lucene search

SiemensCVELIST:CVE-2022-32259

HistoryJun 14, 2022 - 9:22 a.m.

CVE-2022-32259

2022-06-1409:22:12

CWE-1244

siemens

www.cve.org

vulnerability

sinema remote connect server

sensitive information

unit test scripts

testing architecture

test configuration

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SINEMA Remote Connect Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-484086.html

cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVELIST:CVE-2022-32259