CVE-2021-37193

MEDIUM

SINEMA Remote Connect Server <V3.0 SP2 - Auth Bypass

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf

Scores

CVSS v3 4.3
EPSS 0.0010
EPSS Percentile 27.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-471
Status published
Products (2)
siemens/sinema_remote_connect_server 3.0 (2 CPE variants)
siemens/sinema_remote_connect_server < 3.0
Published Sep 14, 2021
Tracked Since Feb 18, 2026