ID

VAR-202206-0948


CVE

CVE-2022-27219


TITLE

Siemens SINEMA Remote Connect Server Security feature vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202206-1269

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. No detailed vulnerability information is currently available.

Trust: 1.08

sources: NVD: CVE-2022-27219 // VULHUB: VHN-417804 // VULMON: CVE-2022-27219

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server, scope: lt, version: 3.0

Trust: 1.0

vendor: siemens, model: sinema remote connect server, scope: eq, version: 3.0

Trust: 1.0

sources: NVD: CVE-2022-27219

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-27219
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202206-1269
value: MEDIUM

Trust: 0.6

VULHUB: VHN-417804
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-27219
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-417804
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2022-27219
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-417804 // CNNVD: CNNVD-202206-1269 // NVD: CVE-2022-27219

PROBLEMTYPE DATA

problemtype:CWE-1021

Trust: 1.0

problemtype:CWE-358

Trust: 1.0

sources: NVD: CVE-2022-27219

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1269

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202206-1269

PATCH

title: Siemens SINEMA Remote Connect Server Fixing measures for security feature vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196616

Trust: 0.6

sources: CNNVD: CNNVD-202206-1269

EXTERNAL IDS

db: NVD, id: CVE-2022-27219

Trust: 1.8

db: SIEMENS, id: SSA-911567

Trust: 1.8

db: ICS CERT, id: ICSA-22-167-07

Trust: 0.7

db: AUSCERT, id: ESB-2022.2979

Trust: 0.6

db: CNNVD, id: CNNVD-202206-1269

Trust: 0.6

db: CNVD, id: CNVD-2022-45211

Trust: 0.1

db: VULHUB, id: VHN-417804

Trust: 0.1

db: VULMON, id: CVE-2022-27219

Trust: 0.1

sources: VULHUB: VHN-417804 // VULMON: CVE-2022-27219 // CNNVD: CNNVD-202206-1269 // NVD: CVE-2022-27219

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf

Trust: 1.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-07

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2979

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-27219/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-07

Trust: 0.1

sources: VULHUB: VHN-417804 // VULMON: CVE-2022-27219 // CNNVD: CNNVD-202206-1269 // NVD: CVE-2022-27219

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202206-1269

SOURCES

db: VULHUB, id: VHN-417804
db: VULMON, id: CVE-2022-27219
db: CNNVD, id: CNNVD-202206-1269
db: NVD, id: CVE-2022-27219

LAST UPDATE DATE

2024-08-14T13:13:10.675000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-417804, date: 2022-06-23T00:00:00
db: VULMON, id: CVE-2022-27219, date: 2022-06-14T00:00:00
db: CNNVD, id: CNNVD-202206-1269, date: 2022-06-30T00:00:00
db: NVD, id: CVE-2022-27219, date: 2022-06-23T20:15:28.773

SOURCES RELEASE DATE

db: VULHUB, id: VHN-417804, date: 2022-06-14T00:00:00
db: VULMON, id: CVE-2022-27219, date: 2022-06-14T00:00:00
db: CNNVD, id: CNNVD-202206-1269, date: 2022-06-14T00:00:00
db: NVD, id: CVE-2022-27219, date: 2022-06-14T10:15:19.940