Products
SINEMA Remote Connect Server
- < V3.2 SP1
Source
productcert@siemens.com
Tags
CVE-2024-39872 details
Published : July 9, 2024, 12:15 p.m.
Last Modified : July 9, 2024, 6:19 p.m.
Last Modified : July 9, 2024, 6:19 p.m.
Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.6 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-378 | Creation of Temporary File With Insecure Permissions | Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
9.6
Exploitability Score
3.1
Impact Score
5.8
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
References
| URL | Source |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-381581.html | productcert@siemens.com |
This website uses the NVD API, but is not approved or certified by it.