OTPulse

Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1

Act Now | 9.8 | SSA-484086 | Jun 14, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SINEMA Remote Connect Server before version 3.1 contains multiple critical vulnerabilities: authentication bypass and privilege escalation flaws (CVE-2022-32251 through -32261), command injection in the file upload service (CVE-2022-32262), cross-site scripting in error message popups (CVE-2022-29034), HTTP compression information disclosure (CVE-2022-27221), curl component information disclosure (CVE-2021-22924 through -22925), and multiple libexpat XML parsing vulnerabilities (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822 through -22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235 through -25236, CVE-2022-25313 through -25315). These flaws enable unauthenticated remote code execution, administrative access bypass, and data theft from the remote access server.

What this means
What could happen
An attacker could bypass authentication, execute arbitrary commands on the server, escalate privileges, or steal sensitive data from the SINEMA Remote Connect Server without valid credentials. These vulnerabilities could allow an attacker to compromise remote access services, potentially affecting the ability to securely manage distributed industrial assets.
Who's at risk
Organizations using SINEMA Remote Connect Server for secure remote access to industrial networks and devices (PLCs, HMIs, field devices across manufacturing, utilities, and critical infrastructure sectors) should prioritize this update. This server is commonly used in Siemens automation environments to enable secure remote engineering and maintenance access.
How it could be exploited
An attacker on the network can send a crafted HTTP request to the SINEMA Remote Connect Server to exploit the command injection vulnerability in the file upload service, or bypass authentication checks to gain administrative access. XML parsing vulnerabilities can be triggered by uploading malicious XML files. Once authenticated, an attacker could escalate privileges and execute arbitrary system commands, compromising the entire remote access infrastructure.
Prerequisites
  • Network access to SINEMA Remote Connect Server HTTP/HTTPS ports
  • No credentials required for initial exploitation of authentication bypass and command injection vulnerabilities
  • Remotely exploitable
  • No authentication required for initial access
  • Low complexity attack
  • Multiple critical vulnerabilities in one package
  • Command injection possible
  • High EPSS score (13.3%)
  • Actively monitored for exploitation
  • Affects remote access infrastructure
Exploitability
High exploit probability (EPSS 13.3%)
Affected products (1)
Product | Affected Versions | Fix Status
SINEMA Remote Connect Server | <V3.1 | 3.1
Remediation & Mitigation
Do now
HOTFIX: Update SINEMA Remote Connect Server to version 3.1 or later