CVE-2019-13922

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known.

Published: Sep 13, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-13922
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.7
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-311

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
siemens / sinema_remote_connect_server	2.0-hf1	2.0-hf1.x
siemens / sinema_remote_connect_server	-	2.0.x

https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

Vulnerability Database

289,697

CVE-2019-13922