CVE-2022-32260

Critical

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary…

siemens·CWE-286·Published 2022-06-14

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

295 chars

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.

NVDen

295 chars

NVDes

337 chars

Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). La aplicación afectada crea credenciales de usuario temporales para los usuarios de UMC (User Management Component). Un atacante podría usar estas credenciales temporales para omitir la autenticación en determinados escenarios

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H