Details of VAR-202206-0837

ID

VAR-202206-0837

CVE

CVE-2022-32259

TITLE

Siemens SINEMA Remote Connect Server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants

Trust: 1.08

sources: NVD: CVE-2022-32259 // VULHUB: VHN-424198 // VULMON: CVE-2022-32259

AFFECTED PRODUCTS

vendor:

siemens

model:

sinema remote connect server

scope:

version:

3.1

Trust: 1.0

sources: NVD: CVE-2022-32259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32259
value:	MEDIUM
Trust: 1.0
productcert@siemens.com:	CVE-2022-32259
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202206-1243
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-424198
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-32259
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-32259
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-424198
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-32259
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-424198 // VULMON: CVE-2022-32259 // CNNVD: CNNVD-202206-1243 // NVD: CVE-2022-32259 // NVD: CVE-2022-32259

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-1244	Trust: 1.0
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-424198 // NVD: CVE-2022-32259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

PATCH

title:

Siemens SINEMA Remote Connect Server Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=196597

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

EXTERNAL IDS

db:	SIEMENS	id:	SSA-484086	Trust: 1.8
db:	NVD	id:	CVE-2022-32259	Trust: 1.8
db:	ICS CERT	id:	ICSA-22-167-17	Trust: 0.7
db:	CNNVD	id:	CNNVD-202206-1243	Trust: 0.6
db:	CNVD	id:	CNVD-2022-45222	Trust: 0.1
db:	VULHUB	id:	VHN-424198	Trust: 0.1
db:	VULMON	id:	CVE-2022-32259	Trust: 0.1

sources: VULHUB: VHN-424198 // VULMON: CVE-2022-32259 // CNNVD: CNNVD-202206-1243 // NVD: CVE-2022-32259

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-484086.html	Trust: 1.0
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32259/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17	Trust: 0.1

sources: VULHUB: VHN-424198 // VULMON: CVE-2022-32259 // CNNVD: CNNVD-202206-1243 // NVD: CVE-2022-32259

CREDITS

Siemens notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

SOURCES

db:	VULHUB	id:	VHN-424198
db:	VULMON	id:	CVE-2022-32259
db:	CNNVD	id:	CNNVD-202206-1243
db:	NVD	id:	CVE-2022-32259

LAST UPDATE DATE

2024-08-14T12:11:30.553000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424198	date:	2022-06-22T00:00:00
db:	VULMON	id:	CVE-2022-32259	date:	2022-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202206-1243	date:	2023-07-25T00:00:00
db:	NVD	id:	CVE-2022-32259	date:	2024-07-09T12:15:07.910

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424198	date:	2022-06-14T00:00:00
db:	VULMON	id:	CVE-2022-32259	date:	2022-06-14T00:00:00
db:	CNNVD	id:	CNNVD-202206-1243	date:	2022-06-14T00:00:00
db:	NVD	id:	CVE-2022-32259	date:	2022-06-14T10:15:21.090