CVE-2022-29034
PUBLISHED
CVSS 6.1 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop-up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.
EPSS 7.05% · 91.7th percentile
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
7.05%
91.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | sinema_remote_connect_server | 0 |
| Siemens | SINEMA Remote Connect Server | 0 |
Exploit Intelligence
- http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html (nist-nvd)
- http://seclists.org/fulldisclosure/2022/Jun/35 (nist-nvd)
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf (circl)
- https://cert-portal.siemens.com/productcert/html/ssa-484086.html (circl)
- Linux_Exploit_CVE_2021_4034.yar (github-yara)
…and 71 more exploits
Timeline
- Jun 14, 2022 CVE Published
- Jun 15, 2022 EPSS Score
- Jun 21, 2022 PoC Published
- Aug 3, 2022 EPSS Score
- Nov 7, 2022 EPSS Score
- Dec 25, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 31, 2023 EPSS Score
- Jul 6, 2023 EPSS Score
- Aug 23, 2023 EPSS Score
- Nov 27, 2023 EPSS Score
- Dec 8, 2023 PoC Published
References
- https://cert-portal.siemens.com/productcert/html/ssa-148078.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-220589.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-988345.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-484086.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-330556.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-145224.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-685781.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-693555.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-911567.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-401167.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-764417.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-712929.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-679335.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-388239.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-631336.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-740594.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-222547.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf url
- 20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect mailing-list
- http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html url
…and 1 more