Siemens SINEMA Remote Connect (Update A)

Act Now8.3ICS-CERT ICSA-19-099-04Apr 9, 2019

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

SINEMA Remote Connect Client and Server versions before 2.0 contain authorization bypass vulnerabilities (CWE-131, CWE-125, CWE-121, CWE-280) that allow authenticated users to execute functions beyond their assigned privileges. Successful exploitation could allow an attacker to circumvent system authorization and execute privileged functions, including altering remote access configurations or controlling connected industrial devices.

What this means

What could happen

An attacker with login credentials to SINEMA Remote Connect could bypass authorization checks and execute privileged commands on the server or client, potentially altering remote access policies or gaining control over connected industrial devices.

Who's at risk

Any organization using Siemens SINEMA Remote Connect to manage remote access to industrial devices—particularly those in utilities, manufacturing, and critical infrastructure. SINEMA Remote Connect is used by engineers and operators to manage Siemens automation equipment remotely. Affected organizations need to assess whether SINEMA is used to manage safety-critical or availability-critical systems.

How it could be exploited

An attacker with valid user credentials connects to SINEMA Remote Connect (Client or Server). The application fails to properly validate authorization, allowing the attacker to execute functions that should require higher privileges. This could allow unauthorized remote access or configuration changes to managed devices.

Prerequisites

Valid user credentials for SINEMA Remote Connect
Network access to SINEMA Remote Connect Client or Server on its management port
Attacker must be able to authenticate to the application

No authentication required (assumes valid credentials, but credentials may be shared or weak)Low complexity attackHigh EPSS score (16.6%)Authorization bypass allows privilege escalationAffects remote access system for industrial equipment

Exploitability

High exploit probability (EPSS 16.6%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SINEMA Remote Connect Client: AllAll versions < V2.0 HF12.0 HF1

SINEMA Remote Connect Server: AllAll versions < V2.02.0

Remediation & Mitigation

0/7

Do now

0/2

WORKAROUNDDisable NTLM authentication on SINEMA Remote Connect

WORKAROUNDDisable SMTP on SINEMA Remote Connect

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SINEMA Remote Connect Client to version 2.0 HF1 or later

HOTFIXUpdate SINEMA Remote Connect Server to version 2.0 or later

Long-term hardening

0/3

HARDENINGPlace SINEMA Remote Connect behind a firewall and isolate from the business network

HARDENINGRestrict network access to SINEMA Remote Connect to only authorized management workstations

HARDENINGImplement defense-in-depth strategies around SINEMA Remote Connect

CVEs (5)

CVE-2018-14618 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 CVE-2019-6570

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cee80b32-0403-45e4-a88c-e1c1bec4aada