CVE-2024-39569

CWE-77 — Command Injection3 documents3 sources

Severity

7.5HIGH

EPSS

2.4%

top 14.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Client

Timeline

PublishedJul 9

Description

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/sinema_remote_connect_client< V3.2 HF1

▶NVDsiemens/sinema_remote_connect_client< 3.2+1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-h3fp-5w83-8rcj: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3↗2024-07-09

▶

CVEList

CVE-2024-39569: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3↗2024-07-09

▶