CVE-2024-22045

CWE-5383 documents3 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 42.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Client

Timeline

PublishedMar 12

Description

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:NExploitability: 2.3 | Impact: 4.7

Affected Packages2 packages

▶CVEListV5siemens/sinema_remote_connect_client< V3.1 SP1

▶NVDsiemens/sinema_remote_connect_client< 3.1+1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

CVEList

CVE-2024-22045: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3↗2024-03-12

▶

GHSA

GHSA-6x5m-7q5p-875p: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3↗2024-03-12

▶