First published: Fri Sep 13 2019
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SINEMA Remote Connect Server | <=2.0 | |
Siemens SINEMA Remote Connect Server | =2.0-hf1 | |
The vulnerability ID for this issue is CVE-2019-13920.
The affected software is Siemens SINEMA Remote Connect Server, all versions prior to V2.0 SP1.
The severity of this vulnerability is medium with a CVSS score of 4.3.
An attacker who is able to trigger requests of a logged-in user to the application could exploit this Cross Site Request Forgery (CSRF) vulnerability to switch the connectivity state of a user or a device.
To fix this vulnerability, it is recommended to update Siemens SINEMA Remote Connect Server to version 2.0 SP1 or higher.