CVE-2024-39867

HIGH

SINEMA Remote Connect Server <V3.2 SP1 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges.

References (1)

[Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Scores

CVSS v3 7.6

EPSS 0.0039

EPSS Percentile 59.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-425

Status published

Products (2)

siemens/sinema_remote_connect_server 3.2 (2 CPE variants)

siemens/sinema_remote_connect_server < 3.2

Published Jul 09, 2024

Tracked Since Feb 18, 2026