CVE-2022-27219

MEDIUM

SINEMA Remote Connect Server < V3.0 SP2 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

References (1)

[Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf

Scores

CVSS v3 4.3

EPSS 0.0018

EPSS Percentile 38.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-358 CWE-1021

Status published

Products (2)

siemens/sinema_remote_connect_server 3.0 (2 CPE variants)

siemens/sinema_remote_connect_server < 3.0

Published Jun 14, 2022

Tracked Since Feb 18, 2026