ID

VAR-202206-0845


CVE

CVE-2022-32254


TITLE

Siemens SINEMA Remote Connect Server Log information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. Attackers can use this vulnerability to obtain sensitive user information.

Trust: 1.08

sources: NVD: CVE-2022-32254 // VULHUB: VHN-424193 // VULMON: CVE-2022-32254

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server, scope: lt, version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-32254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32254
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2022-32254
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202206-1249
value: HIGH

Trust: 0.6

VULHUB: VHN-424193
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-32254
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-424193
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-32254
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-32254
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-424193 // CNNVD: CNNVD-202206-1249 // NVD: CVE-2022-32254 // NVD: CVE-2022-32254

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.1

sources: VULHUB: VHN-424193 // NVD: CVE-2022-32254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

PATCH

title: Siemens SINEMA Remote Connect Server Repair measures for log information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197241

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

EXTERNAL IDS

db: NVD, id: CVE-2022-32254

Trust: 1.8

db: SIEMENS, id: SSA-484086

Trust: 1.8

db: ICS CERT, id: ICSA-22-167-17

Trust: 0.7

db: CNNVD, id: CNNVD-202206-1249

Trust: 0.6

db: CNVD, id: CNVD-2022-45226

Trust: 0.1

db: VULHUB, id: VHN-424193

Trust: 0.1

db: VULMON, id: CVE-2022-32254

Trust: 0.1

sources: VULHUB: VHN-424193 // VULMON: CVE-2022-32254 // CNNVD: CNNVD-202206-1249 // NVD: CVE-2022-32254

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/html/ssa-484086.html

Trust: 1.0

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32254/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17

Trust: 0.1

sources: VULHUB: VHN-424193 // VULMON: CVE-2022-32254 // CNNVD: CNNVD-202206-1249 // NVD: CVE-2022-32254

CREDITS

Siemens notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

SOURCES

db: VULHUB, id: VHN-424193
db: VULMON, id: CVE-2022-32254
db: CNNVD, id: CNNVD-202206-1249
db: NVD, id: CVE-2022-32254

LAST UPDATE DATE

2024-08-14T12:58:49.610000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-424193, date: 2022-06-23T00:00:00
db: VULMON, id: CVE-2022-32254, date: 2022-06-14T00:00:00
db: CNNVD, id: CNNVD-202206-1249, date: 2022-06-30T00:00:00
db: NVD, id: CVE-2022-32254, date: 2024-07-09T12:15:07.040

SOURCES RELEASE DATE

db: VULHUB, id: VHN-424193, date: 2022-06-14T00:00:00
db: VULMON, id: CVE-2022-32254, date: 2022-06-14T00:00:00
db: CNNVD, id: CNNVD-202206-1249, date: 2022-06-14T00:00:00
db: NVD, id: CVE-2022-32254, date: 2022-06-14T10:15:20.867