The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the Unified Management Component (UMC) authorization server could be changed to add a rogue server by an attacker authenticating with unprivileged user rights.
Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity, and gain information from logs and templates of the service.
Allow authenticated privileges
SINEMA Remote Connect Server: All versions prior to v3.0
Siemens recommends updating to v3.0 or later