ID

VAR-202403-0635


CVE

CVE-2022-32257


TITLE

Siemens'  SINEMA Remote Connect Server  access control vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-025078

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. Siemens' SINEMA Remote Connect Server contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks

Trust: 2.16

sources: NVD: CVE-2022-32257 // JVNDB: JVNDB-2022-025078 // CNVD: CNVD-2024-13805

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-13805

AFFECTED PRODUCTS

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.2

Trust: 1.0

vendor:シーメンスmodel:sinema remote connect serverscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinema remote connect serverscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:sinema remote connect serverscope:eqversion:3.2

Trust: 0.8

vendor:siemensmodel:sinema remote connect serverscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2024-13805 // JVNDB: JVNDB-2022-025078 // NVD: CVE-2022-32257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32257
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2022-32257
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-32257
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-13805
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-13805
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-32257
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-32257
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-13805 // JVNDB: JVNDB-2022-025078 // NVD: CVE-2022-32257 // NVD: CVE-2022-32257

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-025078 // NVD: CVE-2022-32257

PATCH

title:Patch for Siemens SINEMA Remote Connect Server Access Control Error Vulnerability (CNVD-2024-13805)url:https://www.cnvd.org.cn/patchInfo/show/534551

Trust: 0.6

sources: CNVD: CNVD-2024-13805

EXTERNAL IDS

db:NVDid:CVE-2022-32257

Trust: 3.2

db:SIEMENSid:SSA-576771

Trust: 2.4

db:JVNid:JVNVU93656033

Trust: 0.8

db:ICS CERTid:ICSA-24-074-03

Trust: 0.8

db:JVNDBid:JVNDB-2022-025078

Trust: 0.8

db:CNVDid:CNVD-2024-13805

Trust: 0.6

sources: CNVD: CNVD-2024-13805 // JVNDB: JVNDB-2022-025078 // NVD: CVE-2022-32257

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-576771.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu93656033/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-32257

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-03

Trust: 0.8

sources: CNVD: CNVD-2024-13805 // JVNDB: JVNDB-2022-025078 // NVD: CVE-2022-32257

SOURCES

db:CNVDid:CNVD-2024-13805
db:JVNDBid:JVNDB-2022-025078
db:NVDid:CVE-2022-32257

LAST UPDATE DATE

2024-08-14T12:34:53.620000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-13805date:2024-03-19T00:00:00
db:JVNDBid:JVNDB-2022-025078date:2024-03-27T00:50:00
db:NVDid:CVE-2022-32257date:2024-03-25T16:29:15.437

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-13805date:2024-03-19T00:00:00
db:JVNDBid:JVNDB-2022-025078date:2024-03-27T00:00:00
db:NVDid:CVE-2022-32257date:2024-03-12T11:15:45.210