Publication Date: 2019-04-09
Last Update: 2021-03-09
Current Version: V1.1
CVSS v3.1 Base Score: 8.3

Affected Product and Versions Remediation
SINEMA Remote Connect Client:
All versions < V2.0 HF1
only affected by CVE-2018-14618, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823
Update to V2.0 HF1
https://support.industry.siemens.com/cs/de/en/view/109764829/
SINEMA Remote Connect Server:
All versions < V2.0
only affected by CVE-2019-6570
Update to V2.0
https://support.industry.siemens.com/cs/de/en/view/109764829/

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE: CWE-131: Incorrect Calculation of Buffer Size

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-125: Out-of-bounds Read

CVSS v3.1 Base Score 8.1
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-121: Stack-based Buffer Overflow

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-125: Out-of-bounds Read

CVSS v3.1 Base Score 8.3
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-280: Improper Handling of Insufficient Permissions or Privileges

https://www.siemens.com/cert/advisories