CVE-2024-39870
published 2024-07-09CVE-2024-39870: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to…
high7.1CVSS 4.0
AVNACLATNPRLUINVCNVINVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sinema_remote_connect_server | < V3.2 SP1 | V3.2 SP1 |
| siemens | sinema_remote_connect_server | < 3.2 | 3.2 |
| siemens | sinema_remote_connect_server | — | — |