PT-2019-4793 · Siemens · Sinema Remote Connect Server

Publicado

2019-09-10

Atualizado

2021-10-28

CVE-2019-13922

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SINEMA Remote Connect Server versions prior to V2.0 SP1

Description A security issue has been identified that allows an attacker with administrative privileges and network access to the SINEMA Remote Connect Server to obtain the hash of a connected device's password. This is due to insufficient encryption measures for sensitive data. At the time of reporting, there were no known public exploits of this issue.

Recommendations For versions prior to V2.0 SP1, update to V2.0 SP1 or later to resolve the issue. As a temporary workaround, consider restricting administrative access to the SINEMA Remote Connect Server to minimize the risk of exploitation.

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

BDU:2020-01371

CVE-2019-13922

Produtos afetados

Sinema Remote Connect Server

PT-2019-4793 · Siemens · Sinema Remote Connect Server

CVE-2019-13922

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4