CVE-2022-32257

EUVD-2022-53454
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
siemenssinema_remote_connect_server
𝑥
< 3.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
siemenssinema_remote_connect_server
𝑥
< 3.2
ADP
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-576771.html
https://cert-portal.siemens.com/productcert/html/ssa-576771.html