CVE-2024-42344 — Log File Information Exposure in Siemens Sinema Remote Connect Client

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 74.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinema Remote Connect Client

Timeline

PublishedSep 10

Description

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/sinema_remote_connect_client< V3.2 SP2

▶NVDsiemens/sinema_remote_connect_client< 3.2+1

Patches

Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-p868-fp4q-w4hx: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3↗2024-09-10

▶

CVEList

CVE-2024-42344: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3↗2024-09-10

▶