Vulnerabilities > CVE-2019-6570 - Improper Handling of Insufficient Permissions or Privileges vulnerability in Siemens Sinema Remote Connect Server

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

CWE-280

NVD

Published: 2019-04-17

Updated: 2021-03-15

Summary

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinema Remote Connect Server -	1

Common Weakness Enumeration (CWE)

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

References

https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf