CVE-2021-37190

Published: Sep 14, 2021Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

Affected (3)

Products: Siemens: Sinema Remote Connect Server

Siemens

1 product

Sinema Remote Connect Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Remote Connect Server	Before 3.0
Siemens Sinema Remote Connect Server	Version 3.0
Siemens Sinema Remote Connect Server	Version 3.0 sp1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.