CVE-2019-13922

LOW

SINEMA Remote Connect Server < V2.0 SP1 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known.

References (1)

[Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

Scores

CVSS v3 2.7

EPSS 0.0010

EPSS Percentile 26.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-311

Status published

Products (2)

siemens/sinema_remote_connect_server 2.0 hf1

siemens/sinema_remote_connect_server < 2.0

Published Sep 13, 2019

Tracked Since Feb 18, 2026