CVE-2022-23102
Published: 09 February 2022
Summary
CVE-2022-23102 is a medium-severity Open Redirect (CWE-601) vulnerability in Siemens Sinema Remote Connect Server. Its CVSS base score is 6.1 (Medium).
Operationally, the CVE is ranked in the top 9.5% of all CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
SINEMA Remote Connect Server versions prior to V2.0 contain an open redirect vulnerability tracked as CVE-2022-23102 and classified as CWE-601. The server takes a redirect destination from a value supplied in the request and sends the browser there without checking that the destination belongs to the server itself, so whoever controls the link controls where the user ends up. This is reflected in its CVSS 3.1 score of 6.1 (Medium): network attack vector, no privileges required, and user interaction required.
An unauthenticated remote attacker (no account on the server is needed) exploits the issue by crafting a link that points at the trusted SINEMA host but carries an attacker-chosen redirect target, and inducing an authenticated user of the server to open it. The browser follows the redirect to an attacker-controlled site, which can then impersonate the SINEMA login page or otherwise be leveraged for phishing and further social engineering. The redirect itself does not disclose the victim's session; its value to the attacker lies in the credibility a link to the legitimate host lends to the phishing page.
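The redirect pattern described above, shown as the vulnerable handler beside a hardened one. This is an added Python illustration, not code from SINEMA Remote Connect Server or from Siemens; the `next` parameter name and the `sinema.example.internal` host are assumptions for the demo, and the attacker-supplied sample values are constructed. The hardened check goes beyond a simple "starts with /" test and also handles the protocol-relative, backslash, scheme-only and control-character variants that commonly bypass naive filters.

```python
"""Open-redirect pattern behind CVE-2022-23102, as an added illustration.

Not Siemens code: the parameter name ``next`` and the host name
``sinema.example.internal`` are assumptions made for this demo.
"""
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Assumed origin of the application; every accepted redirect is re-anchored here.
APP_ORIGIN = "https://sinema.example.internal"


def vulnerable_redirect(next_param: str) -> str:
    """The CWE-601 shape: the Location target is whatever the request supplied."""
    return next_param


def sanitize_redirect_target(target: str) -> Optional[str]:
    """Return a local absolute path derived from ``target``, or None if it must be rejected.

    Only paths beginning with exactly one "/" are accepted, so the redirect can
    never leave the application's own origin.
    """
    if not target:
        return None
    # CR/LF/TAB and other control characters invite header injection and
    # browser parsing quirks; reject rather than try to repair.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return None
    # Browsers treat "/\evil.example" like "//evil.example"; normalise before
    # parsing so the check sees what the browser will see.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    # A scheme ("https:", "javascript:") or an authority ("//evil.example")
    # means the target is absolute, hence potentially external.
    if parts.scheme or parts.netloc:
        return None
    # "///evil.example" parses with an empty netloc but is still protocol-relative
    # to a browser, so require exactly one leading slash.
    if not normalised.startswith("/") or normalised.startswith("//"):
        return None
    return normalised


def safe_redirect(next_param: str, fallback: str = "/") -> str:
    """Hardened replacement: validated local path (or the fallback) joined to APP_ORIGIN."""
    path = sanitize_redirect_target(next_param)
    if path is None:
        path = fallback
    return urljoin(APP_ORIGIN, path)


if __name__ == "__main__":
    # Constructed sample values an attacker might place in the link sent to a victim.
    samples = [
        "/dashboard?tab=sessions",      # legitimate post-login destination
        "https://evil.example/login",   # plain external target
        "//evil.example/login",         # protocol-relative
        "/\\evil.example/login",        # backslash variant
        "///evil.example",              # triple slash, empty authority
        "https:evil.example",           # scheme without authority
        "javascript:alert(1)",          # non-http scheme
    ]
    for s in samples:
        print(f"{s!r:32} vulnerable -> {vulnerable_redirect(s)!r:34} hardened -> {safe_redirect(s)!r}")
```

An allow-list of local paths is stricter still and preferable where the set of post-login destinations is known; the check above is the minimum that closes the external-redirect case without breaking relative navigation inside the application.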
The Siemens ProductCERT advisory SSA-654775 and associated disclosures on Packet Storm and Seclists provide vendor guidance on the affected product and recommended actions.
The EPSS score for the CVE has remained flat at 0.0558 (roughly a 5.6% estimated probability of exploitation activity within 30 days) with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28207
Vulnerability details
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link, thereby leading to phishing attacks.
- CWE(s): CWE-601 (URL Redirection to Untrusted Site, 'Open Redirect')
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.