CVE-2021-37191

EPSS 0.1%
Published 14.09.2021 11:15:26
Last modified 23.04.2025 20:15:29
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Sinema Remote Connect Server Version < 3.0

Siemens ≫ Sinema Remote Connect Server Version3.0 Update-

Siemens ≫ Sinema Remote Connect Server Version3.0 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.249

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-799 Improper Control of Interaction Frequency

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37191

EUVD