ID

VAR-202206-0837


CVE

CVE-2022-32259


TITLE

Siemens SINEMA Remote Connect Server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants

Trust: 1.08

sources: NVD: CVE-2022-32259 // VULHUB: VHN-424198 // VULMON: CVE-2022-32259

AFFECTED PRODUCTS

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

sources: NVD: CVE-2022-32259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32259
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2022-32259
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202206-1243
value: MEDIUM

Trust: 0.6

VULHUB: VHN-424198
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-32259
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-32259
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-424198
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-32259
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-424198 // VULMON: CVE-2022-32259 // CNNVD: CNNVD-202206-1243 // NVD: CVE-2022-32259 // NVD: CVE-2022-32259

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-1244

Trust: 1.0

problemtype:CWE-863

Trust: 0.1

sources: VULHUB: VHN-424198 // NVD: CVE-2022-32259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

PATCH

title:Siemens SINEMA Remote Connect Server Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=196597

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

EXTERNAL IDS

db:SIEMENSid:SSA-484086

Trust: 1.8

db:NVDid:CVE-2022-32259

Trust: 1.8

db:ICS CERTid:ICSA-22-167-17

Trust: 0.7

db:CNNVDid:CNNVD-202206-1243

Trust: 0.6

db:CNVDid:CNVD-2022-45222

Trust: 0.1

db:VULHUBid:VHN-424198

Trust: 0.1

db:VULMONid:CVE-2022-32259

Trust: 0.1

sources: VULHUB: VHN-424198 // VULMON: CVE-2022-32259 // CNNVD: CNNVD-202206-1243 // NVD: CVE-2022-32259

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/html/ssa-484086.html

Trust: 1.0

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32259/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17

Trust: 0.1

sources: VULHUB: VHN-424198 // VULMON: CVE-2022-32259 // CNNVD: CNNVD-202206-1243 // NVD: CVE-2022-32259

CREDITS

Siemens notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202206-1243

SOURCES

db:VULHUBid:VHN-424198
db:VULMONid:CVE-2022-32259
db:CNNVDid:CNNVD-202206-1243
db:NVDid:CVE-2022-32259

LAST UPDATE DATE

2024-08-14T12:11:30.553000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424198date:2022-06-22T00:00:00
db:VULMONid:CVE-2022-32259date:2022-06-22T00:00:00
db:CNNVDid:CNNVD-202206-1243date:2023-07-25T00:00:00
db:NVDid:CVE-2022-32259date:2024-07-09T12:15:07.910

SOURCES RELEASE DATE

db:VULHUBid:VHN-424198date:2022-06-14T00:00:00
db:VULMONid:CVE-2022-32259date:2022-06-14T00:00:00
db:CNNVDid:CNNVD-202206-1243date:2022-06-14T00:00:00
db:NVDid:CVE-2022-32259date:2022-06-14T10:15:21.090