CVE-2019-6570
EUVD-2019-1612917.04.2019, 14:29
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| siemens | sinema_remote_connect_server | 𝑥 < 2.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-280 - Improper Handling of Insufficient Permissions or PrivilegesThe application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.