Shodan
Vulnerabilities
Vulnerable Software
Siemens:  >> Sinema Remote Connect Server  >> 3.0  Security Vulnerabilities
CVE-2022-32256
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-06-14
CVE-2022-27219
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-06-14
CVE-2022-27220
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-06-14
CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-02-18
CVE-2022-25314
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-02-18
CVE-2022-25315
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVSS Score
9.8
EPSS Score
0.09
Published
2022-02-18
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVSS Score
9.8
EPSS Score
0.119
Published
2022-02-16
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVSS Score
9.8
EPSS Score
0.086
Published
2022-02-16
CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVSS Score
7.5
EPSS Score
0.029
Published
2022-01-26
CVE-2022-23852
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVSS Score
9.8
EPSS Score
0.017
Published
2022-01-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved