CVE-2024-39871
Last modified
CVE-2024-39871 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacked does not belong to.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinema Remote Connect Server | < 3.2 |
| Siemens | Sinema Remote Connect Server | 3.2 |
References
- https://cert-portal.siemens.com/productcert/html/ssa-381581.htmlPatch, Vendor Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-381581.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-39871?
How severe is CVE-2024-39871?
How do I fix CVE-2024-39871?
Are you affected by CVE-2024-39871?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST