Siemens SINEMA Remote Connect Server Cross-site Scripting Vulnerability
The integrated web server (Port 443/TCP) of the affected SINEMA Remote Connect Server could allow XSS attacks if unsuspecting users are tricked into accessing a malicious link.
An attacker with a low skill would be able to exploit this vulnerability. Social engineering is required to convince the user into accessing a malicious link. This decreases the likelihood of a successful exploit.
Siemens provides software update V1.2 for SINEMA Remote Connect Server which fixes the vulnerability and recommends users update to the new version. The software update for SINEMA Remote Connect Server can be obtained at: