Products
SINEMA Remote Connect Server
- All versions < V3.2 SP1
Source
productcert@siemens.com
Tags
CVE-2024-39870 details
Published : July 9, 2024, 12:15 p.m.
Last Modified : July 9, 2024, 6:19 p.m.
Last Modified : July 9, 2024, 6:19 p.m.
Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.3 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-602 | Client-Side Enforcement of Server-Side Security | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
6.3
Exploitability Score
2.8
Impact Score
3.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-381581.html | productcert@siemens.com |
This website uses the NVD API, but is not approved or certified by it.