What is CVE-2022-29034?

CVE-2022-29034 is a medium-severity vulnerability in Siemens Sinema Remote Connect Server, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2022-06-14.

How severe is CVE-2022-29034?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Is CVE-2022-29034 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Siemens Sinema Remote Connect Server

CVE-2022-29034

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow a…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.070 (91.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C.

Affected products

Siemens Sinema Remote Connect Server — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf (x_refsource_MISC)
20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect (mailing-list, x_refsource_FULLDISC)
packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.0… (x_refsource_MISC)
cert-portal.siemens.com/productcert/html/ssa-484086.html

Frequently asked questions

What is CVE-2022-29034?: CVE-2022-29034 is a medium-severity vulnerability in Siemens Sinema Remote Connect Server, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2022-06-14.
How severe is CVE-2022-29034?: Medium severity. CVSS v3 base score is 6.1 out of 10.
Is CVE-2022-29034 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.