Vulnerability in SINEMA Remote Connect Server

Plan Patch7.4SSA-334944Sep 14, 2021

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in SINEMA Remote Connect Server versions prior to 3.0 SP2 allow unauthorized remote attackers to retrieve sensitive information, manipulate configuration data, and cause denial-of-service conditions on devices controlled through the remote access platform. The vulnerabilities exist in the server's handling of remote requests and do not require authentication or user interaction. SINEMA Remote Connect Server is commonly deployed in industrial environments to enable secure remote management of Siemens PLCs, RTUs, and other control systems across distributed locations.

What this means

What could happen

An attacker could retrieve sensitive information from SINEMA Remote Connect Server or manipulate configuration, potentially compromising remote access sessions to industrial devices. An attacker could also cause a denial-of-service condition affecting devices managed through the server.

Who's at risk

Water utilities, electric utilities, and other critical infrastructure operators using SINEMA Remote Connect Server for remote access to industrial control systems and field devices should prioritize this update. This affects any organization that relies on Siemens remote access infrastructure to manage PLCs, RTUs, and other SCADA equipment from engineering offices or central control centers.

How it could be exploited

An attacker on the same network segment as the SINEMA Remote Connect Server could send specially crafted requests to the service. The vulnerabilities allow unauthorized retrieval of sensitive data and manipulation of system state without requiring authentication or user interaction. In a multi-site remote access deployment, this could disrupt connections to field devices across multiple locations.

Prerequisites

Network access to SINEMA Remote Connect Server
No credentials required
Attacker on the same network segment or with routable access to the server

remotely exploitableno authentication requiredlow complexityaffects remote access to safety-critical systemsno patch available for older unsupported versions

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

SINEMA Remote Connect Server< V3.0 SP23.0 SP2

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDIf immediate patching is not possible, restrict network access to SINEMA Remote Connect Server to only authorized engineering workstations and management networks using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SINEMA Remote Connect Server to version 3.0 SP2 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate the SINEMA Remote Connect Server from untrusted network segments

CVEs (6)

CVE-2021-37177 CVE-2021-37183 CVE-2021-37190 CVE-2021-37191 CVE-2021-37192 CVE-2021-37193

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0b8d7763-5a36-4822-bb88-b30ab6e63f4e