Vulnerabilities > CVE-2019-6570 - Improper Handling of Insufficient Permissions or Privileges vulnerability in Siemens Sinema Remote Connect Server 1.1/2.0

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

siemens

CWE-280

critical

NVD

Published: 2019-04-17

Updated: 2021-03-15

Summary

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinema Remote Connect Server 1.1 Siemens Sinema Remote Connect Server 2.0	2

Common Weakness Enumeration (CWE)

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

References

https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf