Lucene search

K
vulnrichmentSiemensVULNRICHMENT:CVE-2024-42344
HistorySep 10, 2024 - 9:36 a.m.

CVE-2024-42344

2024-09-1009:36:47
CWE-532
siemens
github.com
4
vulnerability
sinema remote connect
confidentiality
compromise
log file
authenticated attacker

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

9.6%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users’ configuration data.

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

9.6%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-42344