← Volver a CVEs

CVE-2022-32260

MEDIUM

6.5

Descripcion

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.

Detalles CVE

Puntuacion CVSS v3.16.5

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosHIGH

Interaccion usuarioREQUIRED

Publicado6/14/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

siemens:sinema_remote_connect_server

Debilidades (CWE)

CWE-286

Referencias

https://cert-portal.siemens.com/productcert/html/ssa-381581.html(productcert@siemens.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf(productcert@siemens.com)

https://cert-portal.siemens.com/productcert/html/ssa-381581.html(af854a3a-2127-422b-91ae-364da2661108)

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.