Описание
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
3.3 Low
CVSS3
Дефекты
Связанные уязвимости
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.
Уязвимость сервера Siemens SINEMA Remote Connect, связанная с неправильным присвоением разрешений для критичного ресурса, позволяющая нарушителю выполнить атаку типа «человек посередине»
EPSS
3.3 Low
CVSS3