CVE-2024-22045

2024-03-1211:15:49

CWE-538

[email protected]

web.nvd.nist.gov

vulnerability

sinema

remote connect client

sensitive information

nvd

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.

Affected configurations

NVD

Node

siemenssinema_remote_connect_clientRange<3.1

siemenssinema_remote_connect_clientMatch3.1-

CPENameOperatorVersion
siemens:sinema_remote_connect_clientsiemens sinema remote connect clientlt3.1

CPE	Name	Operator	Version
siemens:sinema_remote_connect_client	siemens sinema remote connect client	lt	3.1

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SINEMA Remote Connect Client",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.1 SP1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]