CVE-2024-39869

CWE-7543 documents3 sources

Severity

7.1HIGH

EPSS

0.5%

top 34.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server

Timeline

PublishedJul 9

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/sinema_remote_connect_server< V3.2 SP1

▶NVDsiemens/sinema_remote_connect_server< 3.2+1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

CVEList

CVE-2024-39869: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2024-07-09

▶

GHSA

GHSA-wc4g-7869-crrh: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2024-07-09

▶