CVE-2024-39873

2024-07-0912:15:19

CWE-307

[email protected]

web.nvd.nist.gov

vulnerability

sinema remote connect

brute force protection

web api

user credentials

attacker

brute force attacks

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

32.7%

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.

Affected configurations

Nvd

Node

siemenssinema_remote_connect_serverRange<3.2

siemenssinema_remote_connect_serverMatch3.2-

siemenssinema_remote_connect_serverMatch3.2hf1

VendorProductVersionCPE
siemenssinema_remote_connect_server*cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
siemenssinema_remote_connect_server3.2cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*
siemenssinema_remote_connect_server3.2cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinema_remote_connect_server	*	cpe:2.3:a:siemens:sinema_remote_connect_server::::::::
siemens	sinema_remote_connect_server	3.2	cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-::::::
siemens	sinema_remote_connect_server	3.2	cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1::::::