Lucene search

SiemensVULNRICHMENT:CVE-2022-32252

HistoryJun 14, 2022 - 9:22 a.m.

CVE-2022-32252

2022-06-1409:22:03

CWE-345

siemens

github.com

cve-2022-32252

sinema remote connect server

integrity check

update packages

admin user

malicious package

root privileges

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
    ],
    "vendor": "siemens",
    "product": "sinema_remote_connect_server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-484086.html

cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2022-32252