CVE-2022-23102

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.

Published: Feb 9, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-23102
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
siemens / sinema_remote_connect_server	-	2.0.x

http://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.html
http://seclists.org/fulldisclosure/2022/Feb/20
https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdf

Vulnerability Database

289,599

CVE-2022-23102