Lucene search

SiemensCVELIST:CVE-2024-39872

HistoryJul 09, 2024 - 12:05 p.m.

CVE-2024-39872

2024-07-0912:05:28

CWE-378

siemens

www.cve.org

vulnerability

sinema remote connect server

privilege escalation

os level

authenticated attacker

temporary files

manage firmware updates

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:H/VA:N/SA:H

EPSS

0.001

Percentile

18.9%

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the ‘Manage firmware updates’ role to escalate their privileges on the underlying OS level.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SINEMA Remote Connect Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.2 SP1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-381581.html

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:H/VA:N/SA:H

EPSS

0.001

Percentile

18.9%

JSON

Related for CVELIST:CVE-2024-39872