First published: Tue Jun 14 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SINEMA Remote Connect Server | <3.0 | |
Siemens SINEMA Remote Connect Server | =3.0 | |
Siemens SINEMA Remote Connect Server | =3.0-sp1 | |
The severity of CVE-2022-27219 is medium, with a severity score of 4.3.
All versions of SINEMA Remote Connect Server before V3.0 SP2 are affected by CVE-2022-27219.
CVE-2022-27219 can make the servers more prone to clickjacking and channel downgrade attacks.
CVE-2022-27219 is associated with the CWE IDs 1021 and 358.
You can find more information about CVE-2022-27219 on the Siemens ProductCERT portal: [https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf)
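A defensive check for the condition described above, as an added example that is not part of the advisory or any Siemens code: it audits a captured HTTP response head for the headers that mitigate the two attack classes the advisory names. The advisory does not list which headers are missing, so the mapping to `Strict-Transport-Security`, `X-Frame-Options` and CSP `frame-ancestors` is an assumption, and the sample responses are constructed.

```python
import re

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return sorted findings for framing and downgrade protections."""
    h = parse_headers(raw)
    findings = []

    # Clickjacking: accept CSP frame-ancestors in any policy, or exactly one
    # valid X-Frame-Options value (ALLOW-FROM is obsolete and ignored by browsers).
    has_frame_ancestors = any(
        d.split()[:1] == ["frame-ancestors"]
        for policy in h.get("content-security-policy", [])
        for d in policy.lower().split(";"))
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    xfo_ok = len(xfo) == 1 and xfo[0] in ("DENY", "SAMEORIGIN")
    if not (has_frame_ancestors or xfo_ok):
        findings.append("no-framing-protection")

    # Channel downgrade: HSTS must be present with a non-zero max-age;
    # max-age=0 instructs the browser to drop its HSTS entry for the host.
    hsts = h.get("strict-transport-security", [])
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I) if hsts else None
    if m is None:
        findings.append("hsts-missing")
    elif int(m.group(1)) == 0:
        findings.append("hsts-disabled")
    return sorted(findings)

# Constructed sample responses (not captured from any real server).
SAMPLE_BAD = "HTTP/1.1 200 OK\r\nServer: example\r\nContent-Type: text/html\r\n\r\n<html>"
SAMPLE_WEAK = ("HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=0\r\n"
               "X-Frame-Options: ALLOW-FROM https://example.invalid\r\n\r\n")
SAMPLE_GOOD = ("HTTP/1.1 200 OK\r\n"
               "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
               "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("bad", SAMPLE_BAD), ("weak", SAMPLE_WEAK), ("good", SAMPLE_GOOD)]:
        print(label, audit(raw))
```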