Details of VAR-202206-0845

ID

VAR-202206-0845

CVE

CVE-2022-32254

TITLE

Siemens SINEMA Remote Connect Server Log information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. Attackers can use this vulnerability to obtain sensitive information of users

Trust: 1.08

sources: NVD: CVE-2022-32254 // VULHUB: VHN-424193 // VULMON: CVE-2022-32254

AFFECTED PRODUCTS

vendor:

siemens

model:

sinema remote connect server

scope:

version:

3.1

Trust: 1.0

sources: NVD: CVE-2022-32254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32254
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2022-32254
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202206-1249
value:	HIGH
Trust: 0.6
VULHUB:	VHN-424193
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-32254
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-424193
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-32254
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2022-32254
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-424193 // CNNVD: CNNVD-202206-1249 // NVD: CVE-2022-32254 // NVD: CVE-2022-32254

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.1

sources: VULHUB: VHN-424193 // NVD: CVE-2022-32254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

PATCH

title:

Siemens SINEMA Remote Connect Server Repair measures for log information disclosure vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197241

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32254	Trust: 1.8
db:	SIEMENS	id:	SSA-484086	Trust: 1.8
db:	ICS CERT	id:	ICSA-22-167-17	Trust: 0.7
db:	CNNVD	id:	CNNVD-202206-1249	Trust: 0.6
db:	CNVD	id:	CNVD-2022-45226	Trust: 0.1
db:	VULHUB	id:	VHN-424193	Trust: 0.1
db:	VULMON	id:	CVE-2022-32254	Trust: 0.1

sources: VULHUB: VHN-424193 // VULMON: CVE-2022-32254 // CNNVD: CNNVD-202206-1249 // NVD: CVE-2022-32254

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-484086.html	Trust: 1.0
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32254/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17	Trust: 0.1

sources: VULHUB: VHN-424193 // VULMON: CVE-2022-32254 // CNNVD: CNNVD-202206-1249 // NVD: CVE-2022-32254

CREDITS

Siemens notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202206-1249

SOURCES

db:	VULHUB	id:	VHN-424193
db:	VULMON	id:	CVE-2022-32254
db:	CNNVD	id:	CNNVD-202206-1249
db:	NVD	id:	CVE-2022-32254

LAST UPDATE DATE

2024-08-14T12:58:49.610000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424193	date:	2022-06-23T00:00:00
db:	VULMON	id:	CVE-2022-32254	date:	2022-06-14T00:00:00
db:	CNNVD	id:	CNNVD-202206-1249	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2022-32254	date:	2024-07-09T12:15:07.040

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424193	date:	2022-06-14T00:00:00
db:	VULMON	id:	CVE-2022-32254	date:	2022-06-14T00:00:00
db:	CNNVD	id:	CNNVD-202206-1249	date:	2022-06-14T00:00:00
db:	NVD	id:	CVE-2022-32254	date:	2022-06-14T10:15:20.867