Lucene search

SiemensCVELIST:CVE-2024-39869

HistoryJul 09, 2024 - 12:05 p.m.

CVE-2024-39869

2024-07-0912:05:25

CWE-754

siemens

www.cve.org

sinema remote connect

authenticated attacker

crafted certificates

denial-of-service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CVSS4

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

EPSS

Percentile

14.1%

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SINEMA Remote Connect Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.2 SP1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-381581.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CVSS4

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2024-39869