.. / CVE-2022-23102

Exploit for SINEMA Remote Connect Server < V2.0 - Open Redirect (CVE-2022-23102)

Description:

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.

Nuclei Template

View the template here CVE-2022-23102.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-23102.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdf
https://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.html
https://nvd.nist.gov/vuln/detail/cve-2022-23102
https://seclists.org/fulldisclosure/2022/Feb/20

.. / CVE-2022-23102 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for SINEMA Remote Connect Server < V2.0 - Open Redirect (CVE-2022-23102)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-23102