{"containers":{"cna":{"providerMetadata":{"orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens","dateUpdated":"2024-07-09T12:04:04.527Z"},"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code.\r\n\r\nThis could allow attackers to perform reflected cross-site scripting (XSS) attacks."}],"affected":[{"vendor":"Siemens","product":"SINEMA Remote Connect Server","versions":[{"status":"affected","version":"0","lessThan":"V3.1","versionType":"custom"}],"defaultStatus":"unknown"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-79","description":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","type":"CWE"}]}],"references":[{"tags":["x_refsource_MISC"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"},{"name":"20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2022/Jun/35"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-484086.html"}]},"adp":[{"affected":[{"vendor":"siemens","product":"sinema_remote_connect_server","cpes":["cpe:2.3:a:siemens:sinema_remote_connect_server:3.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"V3.1","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-09T15:42:16.347045Z","id":"CVE-2022-29034","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-09T15:44:16.431Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T06:10:58.431Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"},{"name":"20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Jun/35"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-484086.html","tags":["x_transferred"]}]}]},"cveMetadata":{"assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","assignerShortName":"siemens","cveId":"CVE-2022-29034","datePublished":"2022-06-14T09:21:45.000Z","dateReserved":"2022-04-11T00:00:00.000Z","dateUpdated":"2024-08-03T06:10:58.431Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}