Siemens SINEMA Remote Connect

Siemens SINEMA Remote Connect Server Cross-site Scripting Vulnerability



A cross-site scripting (XSS) vulnerability exists in the Siemens SINEMA Remote Connect Server application. Siemens has produced an update to mitigate this vulnerability.


The following SINEMA Remote Connect Server versions are affected:

  • SINEMA Remote Connect Server, all versions prior to Version 1.2


Exploiting this vulnerability could enable attackers to read some files from Siemens SINEMA Remote Connect Server devices. This could give a remote attacker ongoing access to these devices.


The affected product, SINEMA Remote Connect Server, is a network management appliance for industrial applications. It provides network monitoring as well as diagnostics and reporting functions integrated into SCADA systems such as WinCC.


The integrated web server (Port 443/TCP) of the affected SINEMA Remote Connect Server could allow XSS attacks if unsuspecting users are tricked into accessing a malicious link.


This vulnerability could be exploited remotely.


Siemens provides software update V1.2 for SINEMA Remote Connect Server which fixes the vulnerability and recommends users update to the new version. The software update for SINEMA Remote Connect Server can be obtained at: