← back
CVE-2022-23102

CVE-2022-23102

EPSS 5.3%CWE-601
In short

SINEMA Remote Connect Server versions before 2.0 contain an open redirect flaw that allows attackers to trick authenticated users into clicking malicious links, potentially leading to phishing attacks where users are redirected to attacker-controlled sites.

Technical detail

Open redirect vulnerability in SINEMA Remote Connect Server (versions < 2.0) allows authenticated attackers to craft malicious URLs that redirect users to external sites; attack vector is social engineering via phishing links, requiring user interaction to click the crafted URL, with impact being credential theft or malware infection through phishing.

Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.
Affected products
Siemens · SINEMA Remote Connect Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdfhttp://seclists.org/fulldisclosure/2022/Feb/20