ID

VAR-202103-0197


CVE

CVE-2020-25240


TITLE

Incorrect authorization vulnerability in SINEMA Remote Connect Server

Trust: 0.8

sources: JVNDB: JVNDB-2020-016314

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and gain information from logs and templates of the service. SINEMA Remote Connect Server contains an incorrect authorization vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Siemens SINEMA Remote Connect Server is a remote network management platform from the German company Siemens. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network.

Trust: 2.25

sources: NVD: CVE-2020-25240 // JVNDB: JVNDB-2020-016314 // CNVD: CNVD-2021-16436 // VULHUB: VHN-179199

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-16436

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server, scope: lt, version: 3.0

Trust: 1.6

vendor: シーメンス, model: sinema remote connect server, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: sinema remote connect server, scope: eq, version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-16436 // JVNDB: JVNDB-2020-016314 // NVD: CVE-2020-25240

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25240
value: HIGH

Trust: 1.0

NVD: CVE-2020-25240
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-16436
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-692
value: HIGH

Trust: 0.6

VULHUB: VHN-179199
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-25240
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-16436
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-179199
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-25240
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-25240
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-16436 // VULHUB: VHN-179199 // JVNDB: JVNDB-2020-016314 // CNNVD: CNNVD-202103-692 // NVD: CVE-2020-25240

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype: Incorrect authorization (CWE-863) [ others ]

Trust: 0.8

sources: VULHUB: VHN-179199 // JVNDB: JVNDB-2020-016314 // NVD: CVE-2020-25240

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-692

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-692

PATCH

title: SSA-731317, url: https://cert-portal.siemens.com/productcert/pdf/ssa-731317.pdf

Trust: 0.8

title: Siemens SINEMA Remote Connect Server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144544

Trust: 0.6

sources: JVNDB: JVNDB-2020-016314 // CNNVD: CNNVD-202103-692

EXTERNAL IDS

db: NVD, id: CVE-2020-25240

Trust: 3.9

db: SIEMENS, id: SSA-731317

Trust: 2.3

db: ICS CERT, id: ICSA-21-068-04

Trust: 1.4

db: JVN, id: JVNVU93441670

Trust: 0.8

db: JVNDB, id: JVNDB-2020-016314

Trust: 0.8

db: CNNVD, id: CNNVD-202103-692

Trust: 0.7

db: CNVD, id: CNVD-2021-16436

Trust: 0.6

db: AUSCERT, id: ESB-2021.0848

Trust: 0.6

db: VULHUB, id: VHN-179199

Trust: 0.1

sources: CNVD: CNVD-2021-16436 // VULHUB: VHN-179199 // JVNDB: JVNDB-2020-016314 // CNNVD: CNNVD-202103-692 // NVD: CVE-2020-25240

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-731317.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-25240

Trust: 1.4

url:https://jvn.jp/vu/jvnvu93441670/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-21-068-04

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.0848

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-068-04

Trust: 0.6

sources: CNVD: CNVD-2021-16436 // VULHUB: VHN-179199 // JVNDB: JVNDB-2020-016314 // CNNVD: CNNVD-202103-692 // NVD: CVE-2020-25240

SOURCES

db: CNVD, id: CNVD-2021-16436
db: VULHUB, id: VHN-179199
db: JVNDB, id: JVNDB-2020-016314
db: CNNVD, id: CNNVD-202103-692
db: NVD, id: CVE-2020-25240

LAST UPDATE DATE

2024-09-13T21:03:42.796000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-16436, date: 2021-03-23T00:00:00
db: VULHUB, id: VHN-179199, date: 2021-03-18T00:00:00
db: JVNDB, id: JVNDB-2020-016314, date: 2024-09-12T08:27:00
db: CNNVD, id: CNNVD-202103-692, date: 2021-03-19T00:00:00
db: NVD, id: CVE-2020-25240, date: 2021-03-18T20:39:22.273

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-16436, date: 2021-03-11T00:00:00
db: VULHUB, id: VHN-179199, date: 2021-03-15T00:00:00
db: JVNDB, id: JVNDB-2020-016314, date: 2021-11-22T00:00:00
db: CNNVD, id: CNNVD-202103-692, date: 2021-03-09T00:00:00
db: NVD, id: CVE-2020-25240, date: 2021-03-15T17:15:20.033