PT-2019-4793 · Siemens · Sinema Remote Connect Server

Published

2019-09-10

Updated

2021-10-28

CVE-2019-13922

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SINEMA Remote Connect Server versions prior to V2.0 SP1

Description A security issue has been identified that allows an attacker with administrative privileges and network access to the SINEMA Remote Connect Server to obtain the hash of a connected device's password. This is due to insufficient encryption measures for sensitive data. At the time of reporting, there were no known public exploits of this issue.

Recommendations For versions prior to V2.0 SP1, update to V2.0 SP1 or later to resolve the issue. As a temporary workaround, consider restricting administrative access to the SINEMA Remote Connect Server to minimize the risk of exploitation.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

BDU:2020-01371

CVE-2019-13922

Affected Products

Sinema Remote Connect Server

PT-2019-4793 · Siemens · Sinema Remote Connect Server

CVE-2019-13922

Weakness Enumeration

Related Identifiers

Affected Products

References · 4