SINEMA Remote Connect Server is affected by multiple vulnerabilities, including
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals.
An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.
-t
CURLOPT_TELNETOPTIONS
NEW_ENV
An error message pop-up window in the web interface of the affected application does not prevent injection of JavaScript code.
The update of SINEMA Remote Connect Server to V3.1 also contains additional fixes for vulnerabilities documented in the following Siemens Security Advisories: