CVE-2022-32259

CVSS 6.5 MEDIUMEPSS 0.6%CWE-1244

In short

SINEMA Remote Connect Server versions before 3.1 include test scripts with sensitive information in installation images. An attacker could extract these scripts to learn about the system's testing setup and potentially modify test configurations.

Technical detail

CWE-1244: Sensitive information exposure via debug/test artifacts bundled in production system images. An attacker with access to installation media can extract unit test scripts to discover internal testing architecture and tamper with test configurations, potentially leading to security bypass or system compromise.

Summary generated and translated by AI from the official description.

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Affected products

Siemens · SINEMA Remote Connect Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert-portal.siemens.com/productcert/html/ssa-484086.html https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf