Vulnerability Details : CVE-2022-32252

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker.

Published 2022-06-14 10:15:21

Updated 2022-06-23 15:07:46

Source Siemens AG

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-32252

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 14 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-32252

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-32252

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Assigned by:
- [email protected] (Primary)
- [email protected] (Secondary)

References for CVE-2022-32252

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-32252

Siemens » Sinema Remote Connect Server
Versions before (<) 3.1
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
Matching versions