<p>SINEMA Remote Connect Server is affected by multiple vulnerabilities, including</p>
<ul>
<li>A cross-site scripting vulnerability in an error message pop up window (CVE-2022-29034)</li>
<li>Several authentication bypass, privilege escalation and integrity check vulnerabilities (CVE-2022-32251 through -32261)</li>
<li>A command injection vulnerability in the file upload service (CVE-2022-32262)</li>
<li>A chosen-plaintext attack against HTTP over TLS (“BREACH”, CVE-2022-27221)</li>
<li>Information disclosure vulnerabilities in the curl component (CVE-2021-22924 through -22925)</li>
<li>Several vulnerabilities in the libexpat library, that could be exploited when the server is parsing untrusted XML files (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822 through -22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235 through -25236, CVE-2022-25313 through -25315.</li>
</ul>
<p>Siemens has released an update for the SINEMA Remote Connect Server and recommends to update to the latest version. Note that the update also contains additional fixes for vulnerabilities documented in Siemens Security Advisories SSA-244969, SSA-539476, SSA-685781 and SSA-712929.</p>
Source link
