Vulnerability Change Records for CVE-2019-6570

Change History

Modified Analysis 10/06/2020 10:9:24 AM

Action Type Old Value New Value
Removed CVSS V3
NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

								
						
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
NIST CWE-863
Removed CWE
NIST CWE-264

								
						

Initial Analysis 4/17/2019 4:18:02 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* versions up to (excluding) 2.0
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
CWE-264
Changed Reference Type
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf No Types Assigned
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf Patch, Vendor Advisory

CVE Modified by Siemens AG 3/15/2021 2:15:16 PM

Action Type Old Value New Value
Changed Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.

An attacker must have access to a low privileged
account in order to exploit the vulnerability.
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.

CVE Modified by Siemens AG 10/09/2019 7:51:31 PM

Action Type Old Value New Value
Added CWE

								
							
							
						
Siemens AG CWE-280