Vendor description
"Siemens is a technology company focused on industry, infrastructure, transport, and healthcare. From more resource-efficient factories, resilient supply chains, and smarter buildings and grids, to cleaner and more comfortable transportation as well as advanced healthcare, we create technology with purpose adding real value for customers. By combining the real and the digital worlds, we empower our customers to transform their industries and markets, helping them to transform the everyday for billions of people."
Source: www.siemens.com
Business recommendation
The vendor provides a patched version for the affected product since April 2019, but the security notes have been published now.
An in-depth security analysis performed by security professionals is highly advised, as the software may be affected from further security issues.
Vulnerability overview/description
1) Open Redirect in Login Page (CVE-2022-23102)
An open redirect vulnerability can be triggered by luring a user to authenticate to a SIEMENS-SINEMA Remote Connect device by clicking on a crafted link. By abusing this vulnerability, an attacker could steal logon credentials with a specially crafted phishing page or exploit browser vulnerabilities.
Proof of concept
1) Open Redirect in Login Page (CVE-2022-23102)
After a successful login of the victim, the user will be redirected to www.sec-consult.com when the following link is being clicked:
https: //$IP/wbm/login/?next=https://www.sec-consult.com
Vulnerable / tested versions
The following version has been tested and found to be vulnerable:
- SIEMENS-SINEMA Remote Connect Client V1.0 SP3 HF1