{"containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-07-09T12:04:04.527Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code.\r\n\r\nThis could allow attackers to perform reflected cross-site scripting (XSS) attacks."}], "affected": [{"vendor": "Siemens", "product": "SINEMA Remote Connect Server", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"name": "20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2022/Jun/35"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"}]}, "adp": [{"affected": [{"vendor": "siemens", "product": "sinema_remote_connect_server", "cpes": ["cpe:2.3:a:siemens:sinema_remote_connect_server:3.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "V3.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T15:42:16.347045Z", "id": "CVE-2022-29034", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T15:44:16.431Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:10:58.431Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"name": "20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Jun/35"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29034", "datePublished": "2022-06-14T09:21:45.000Z", "dateReserved": "2022-04-11T00:00:00.000Z", "dateUpdated": "2024-08-03T06:10:58.431Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2022/Jun/35", "name": "20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:10:58.431Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-29034", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-09T15:42:16.347045Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:siemens:sinema_remote_connect_server:3.1:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "sinema_remote_connect_server", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T15:44:06.948Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C"}}], "affected": [{"vendor": "Siemens", "product": "SINEMA Remote Connect Server", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "tags": ["x_refsource_MISC"]}, {"url": "http://seclists.org/fulldisclosure/2022/Jun/35", "name": "20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html", "tags": ["x_refsource_MISC"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code.\r\n\r\nThis could allow attackers to perform reflected cross-site scripting (XSS) attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-07-09T12:04:04.527Z"}}}, "cveMetadata": {"cveId": "CVE-2022-29034", "state": "PUBLISHED", "dateUpdated": "2024-08-03T06:10:58.431Z", "dateReserved": "2022-04-11T00:00:00.000Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2022-06-14T09:21:45.000Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8", "versionEndExcluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code.\r\n\r\nThis could allow attackers to perform reflected cross-site scripting (XSS) attacks."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.1). Una ventana emergente de mensaje de error en la interfaz web de la aplicaci\u00f3n afectada no evita una inyecci\u00f3n de c\u00f3digo JavaScript. Esto podr\u00eda permitir a atacantes llevar a cabo ataques de tipo cross-site scripting (XSS) reflejados"}], "id": "CVE-2022-29034", "lastModified": "2024-11-21T06:58:22.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-14T10:15:20.207", "references": [{"source": "productcert@siemens.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html"}, {"source": "productcert@siemens.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jun/35"}, {"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"}, {"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jun/35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}