SSA-911567 — Vulnetix

SSA-911567 PUBLISHED CVSS 4.199999809265137 MEDIUM

SINEMA Remote Connect Server is missing HTTP security headers on the web server. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. Siemens has released an update for the SINEMA Remote Connect Server and recommends to update to the latest version.

Risk Scores

CVSS 3.1

4.199999809265137

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	SINEMA Remote Connect Server

Exploit Intelligence

https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf (circl)
https://cert-portal.siemens.com/productcert/txt/ssa-911567.txt (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-911567.json (circl)
https://support.industry.siemens.com/cs/ww/en/view/109793790/ (circl)

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-911567.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-911567.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109793790/ fix

Open in Interactive Console →