ID

VAR-202206-0949


CVE

CVE-2022-27220


TITLE

Siemens' SINEMA Remote Connect Server Vulnerability in improperly limiting rendered user interface layers or frames in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011899

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. SINEMA Remote Connect is a remote network management platform for easy management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. Detailed vulnerability information is not currently available.

Trust: 1.8

sources: NVD: CVE-2022-27220 // JVNDB: JVNDB-2022-011899 // VULHUB: VHN-417805 // VULMON: CVE-2022-27220

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server, scope: lt, version: 3.0

Trust: 1.0

vendor: siemens, model: sinema remote connect server, scope: eq, version: 3.0

Trust: 1.0

vendor: シーメンス, model: sinema remote connect server, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: sinema remote connect server, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinema remote connect server, scope: eq, version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-011899 // NVD: CVE-2022-27220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-27220
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-27220
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202206-1267
value: MEDIUM

Trust: 0.6

VULHUB: VHN-417805
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-27220
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-417805
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-27220
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-27220
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-417805 // JVNDB: JVNDB-2022-011899 // CNNVD: CNNVD-202206-1267 // NVD: CVE-2022-27220

PROBLEMTYPE DATA

problemtype:CWE-1021

Trust: 1.0

problemtype:CWE-358

Trust: 1.0

problemtype:Improper restrictions on rendered user interface layers or frames (CWE-1021) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-011899 // NVD: CVE-2022-27220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1267

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202206-1267

PATCH

title: Siemens SINEMA Remote Connect Server Fixing measures for security feature vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196614

Trust: 0.6

sources: CNNVD: CNNVD-202206-1267

EXTERNAL IDS

db: NVD, id: CVE-2022-27220

Trust: 3.4

db: SIEMENS, id: SSA-911567

Trust: 2.6

db: ICS CERT, id: ICSA-22-167-07

Trust: 1.5

db: JVN, id: JVNVU99030761

Trust: 0.8

db: JVNDB, id: JVNDB-2022-011899

Trust: 0.8

db: AUSCERT, id: ESB-2022.2979

Trust: 0.6

db: CNNVD, id: CNNVD-202206-1267

Trust: 0.6

db: CNVD, id: CNVD-2022-45210

Trust: 0.1

db: VULHUB, id: VHN-417805

Trust: 0.1

db: VULMON, id: CVE-2022-27220

Trust: 0.1

sources: VULHUB: VHN-417805 // VULMON: CVE-2022-27220 // JVNDB: JVNDB-2022-011899 // CNNVD: CNNVD-202206-1267 // NVD: CVE-2022-27220

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf

Trust: 2.6

url:https://jvn.jp/vu/jvnvu99030761/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-27220

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-07

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-07

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-27220/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2979

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-07

Trust: 0.1

sources: VULHUB: VHN-417805 // VULMON: CVE-2022-27220 // JVNDB: JVNDB-2022-011899 // CNNVD: CNNVD-202206-1267 // NVD: CVE-2022-27220

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202206-1267

SOURCES

db: VULHUB, id: VHN-417805
db: VULMON, id: CVE-2022-27220
db: JVNDB, id: JVNDB-2022-011899
db: CNNVD, id: CNNVD-202206-1267
db: NVD, id: CVE-2022-27220

LAST UPDATE DATE

2024-08-14T12:58:49.420000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-417805, date: 2022-06-24T00:00:00
db: VULMON, id: CVE-2022-27220, date: 2022-06-14T00:00:00
db: JVNDB, id: JVNDB-2022-011899, date: 2023-08-24T08:26:00
db: CNNVD, id: CNNVD-202206-1267, date: 2022-06-30T00:00:00
db: NVD, id: CVE-2022-27220, date: 2022-06-24T01:49:13.800

SOURCES RELEASE DATE

db: VULHUB, id: VHN-417805, date: 2022-06-14T00:00:00
db: VULMON, id: CVE-2022-27220, date: 2022-06-14T00:00:00
db: JVNDB, id: JVNDB-2022-011899, date: 2023-08-24T00:00:00
db: CNNVD, id: CNNVD-202206-1267, date: 2022-06-14T00:00:00
db: NVD, id: CVE-2022-27220, date: 2022-06-14T10:15:19.997