Latest Siemens SINEMA Remote Connect Server Vulnerabilities

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints...
Siemens SINEMA Remote Connect Server<3.2
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker c...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensi...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows importing device configurations via a specific...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An att...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a u...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file,...
Siemens SINEMA Remote Connect Server<3.1
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin use...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop-up window in the web interface of the affected application does not prevent injection of...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in a machine-in-the-middle position could obtain plaintext secret values by observing length differences dur...
Siemens SINEMA Remote Connect Server<3.1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. ...
Siemens SINEMA Remote Connect Server<3.0
Siemens SINEMA Remote Connect Server=3.0
Siemens SINEMA Remote Connect Server=3.0-sp1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. T...
Siemens SINEMA Remote Connect Server<3.0
Siemens SINEMA Remote Connect Server=3.0
Siemens SINEMA Remote Connect Server=3.0-sp1
A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.
redhat/expat<2.4.5
redhat/mingw-expat<0:2.4.8-1.el8
redhat/expat<0:2.2.5-8.el8_6.2
redhat/expat<0:2.2.10-12.el9_0.2
debian/expat
Libexpat Project Libexpat<2.4.5
and 8 more
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
redhat/expat<2.4.5
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
and 23 more
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Google Android
Libexpat Project Libexpat<2.4.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 8 more
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
redhat/thunderbird<0:91.7.0-2.el8_5
and 45 more
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
redhat/thunderbird<0:91.7.0-2.el8_5
and 38 more
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user ...
Siemens SINEMA Remote Connect Server<=2.0
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
redhat/mingw-expat<0:2.4.8-1.el8
Libexpat Project Libexpat<2.4.4
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
Oracle Communications Metasolv Solution=6.3.1
Debian Debian Linux=10.0
and 20 more
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/expat<0:2.2.5-4.el8_4.3
Libexpat Project Libexpat<2.4.4
NetApp Clustered Data ONTAP
NetApp OnCommand Workflow Automation
and 21 more
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 28 more
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
debian/expat<=2.4.2-1<=2.2.6-2+deb10u1<=2.2.6-2<=2.2.10-2
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
and 30 more
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 28 more
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 28 more
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 28 more
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 28 more
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
redhat/expat<2.4.3
ubuntu/expat<2.2.5-3ubuntu0.4
ubuntu/expat<2.2.9-1ubuntu0.2
and 31 more
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memor...
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
debian/expat<=2.2.6-2<=2.2.10-2<=2.2.6-2+deb10u1<=2.4.2-1
redhat/expat<2.4.3
ubuntu/expat<2.2.5-3ubuntu0.4
ubuntu/expat<2.2.9-1ubuntu0.2
and 28 more
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of...
debian/strongswan
Strongswan Strongswan>=4.2.10<5.9.4
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
and 45 more
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 38 more
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameter...
Siemens SINEMA Remote Connect Server<3.0
Siemens SINEMA Remote Connect Server=3.0
Siemens SINEMA Remote Connect Server=3.0-sp1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retriev...
Siemens SINEMA Remote Connect Server<3.0
Siemens SINEMA Remote Connect Server=3.0
Siemens SINEMA Remote Connect Server=3.0-sp1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames fr...
Siemens SINEMA Remote Connect Server<3.0
Siemens SINEMA Remote Connect Server=3.0
Siemens SINEMA Remote Connect Server=3.0-sp1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unaut...
Siemens SINEMA Remote Connect Server<3.0
Siemens SINEMA Remote Connect Server=3.0
Siemens SINEMA Remote Connect Server=3.0-sp1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticat...
Siemens SINEMA Remote Connect Server<3.0
Siemens SINEMA Remote Connect Server=3.0
Siemens SINEMA Remote Connect Server=3.0-sp1
Siemens SINEMA Remote Connect Server<3.0
Siemens SINEMA Remote Connect Server=3.0
Siemens SINEMA Remote Connect Server=3.0-sp1
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take ...
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.1
debian/curl<=7.64.0-4+deb10u2
redhat/curl<7.78.0
Haxx Libcurl>=7.10.4<7.77.0
Fedoraproject Fedora=33
and 98 more
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Ru...
Wibu Codemeter<=7.21a
Siemens Pss Cape
Siemens Sicam 230 Firmware
Siemens Sicam 230
Siemens Simatic Information Server=2019-sp1
Siemens Simatic Information Server=2020
and 12 more
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue...
redhat/curl<0:7.61.1-22.el8
Apple Catalina
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
IBM QRadar SIEM<=7.3.3 GA - 7.3.3 FP10
Apple macOS Big Sur<11.6
and 60 more
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integri...
Siemens SINEMA Remote Connect Server<3.0
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the ...
Siemens SINEMA Remote Connect Server<3.0
GNOME libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 72 more
libxml2 is vulnerable to a denial of service, caused by a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. By persuading a victim to open a specially crafted file, a remote attacker coul...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 35 more
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The secu...
Siemens SINEMA Remote Connect Server<=2.0
Siemens SINEMA Remote Connect Server=2.0-hf1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited...
Siemens SINEMA Remote Connect Server<2.0
Siemens SINEMA Remote Connect Server=2.0
Siemens SINEMA Remote Connect Server=2.0-hf1
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorizat...
Siemens SINEMA Remote Connect Server<2.0
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive...
ubuntu/linux<4.15.0-32.35
ubuntu/linux<3.13.0-155.205
ubuntu/linux<4.19~
ubuntu/linux<4.4.0-133.159
ubuntu/linux-aws<4.15.0-1019.19
ubuntu/linux-aws<4.4.0-1027.30
and 236 more
