CVE-2022-32256 MEDIUM

CVE-2022-32256

Vendor Siemens

Product SINEMA Remote Connect Server

Weakness CWE-284

Published June 14, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.

Key dates

02Disclosure timeline

June 14, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-32256

Related vulnerabilities

04Related CVE

CVE-2019-1649 Cisco Secure Boot Hardware Tampering Vulnerability CVE-2024-0972 BuddyPress Members Only <= 3.4.8 - Improper Access Control to Sensitive Information Exposure via REST API CVE-2017-20199 Buttercup buttercup-browser-extension Vault access control CVE-2021-42116 Unauthorized Menu Item Access in TopEase CVE-2024-49068 Microsoft SharePoint Elevation of Privilege Vulnerability