CVE-2024-39571

2024-07-0912:15:16

CWE-77

[email protected]

web.nvd.nist.gov

command injection

missing input sanitation

snmp configurations

arbitrary code execution

root privileges

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.7%

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges.

Affected configurations

Nvd

Node

siemenssinema_remote_connect_serverRange<3.2

siemenssinema_remote_connect_serverMatch3.2-

VendorProductVersionCPE
siemenssinema_remote_connect_server*cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
siemenssinema_remote_connect_server3.2cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinema_remote_connect_server	*	cpe:2.3:a:siemens:sinema_remote_connect_server::::::::
siemens	sinema_remote_connect_server	3.2	cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-::::::