CVE-2024-39870

CWE-6023 documents3 sources

Severity

7.1HIGH

EPSS

0.2%

top 52.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Server

Timeline

PublishedJul 9

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/sinema_remote_connect_server< V3.2 SP1

▶NVDsiemens/sinema_remote_connect_server< 3.2+1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-6w5f-rcwv-682v: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2024-07-09

▶

CVEList

CVE-2024-39870: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3↗2024-07-09

▶