OTPulse
FeedAboutContact

Open Redirect Vulnerability in SINEMA Remote Connect Server

Monitor5.4SSA-654775Feb 8, 2022
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

SINEMA Remote Connect Server versions earlier than 2.0 contain an open redirect vulnerability. An attacker can craft a malicious link that, when clicked by a user, redirects them to a fake login page controlled by the attacker. This allows the attacker to steal user credentials without needing to compromise the server itself. Siemens has released version 2.0 with a fix.

What this means
What could happen
An attacker could craft a malicious link that redirects users to a fake login page, allowing credential theft. Compromised credentials could grant remote access to SINEMA Remote Connect, which manages secure connections to industrial automation systems.
Who's at risk
Organizations using SINEMA Remote Connect Server for remote access management to Siemens industrial automation systems (PLCs, engineering workstations, remote monitoring stations) should apply this update. System administrators and engineers who use the remote access portal are most at risk.
How it could be exploited
An attacker sends a specially crafted link (via phishing email, social engineering, or posted on a website) to SINEMA Remote Connect users. When a user clicks the link, the application redirects them to an attacker-controlled fake login page. The user enters their credentials thinking they are on the legitimate site, and the attacker captures them.
Prerequisites
  • User must click a malicious link crafted by the attacker
  • User must be running a vulnerable version of SINEMA Remote Connect Server (< V2.0)
  • No valid credentials or special network access required for the attacker
remotely exploitableuser interaction required (click malicious link)low complexityaffects remote access to critical systems
Exploitability
Moderate exploit probability (EPSS 4.9%)
Affected products (1)
ProductAffected VersionsFix Status
SINEMA Remote Connect Server< V2.02.0
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SINEMA Remote Connect Server to version 2.0 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/dab68daf-dbf5-45e1-950b-934f4d7e9e62