CVE-2024-39568

2024-07-0912:15:16

CWE-77

[email protected]

web.nvd.nist.gov

vulnerability

sinema remote connect client

input sanitation

command injection

system privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.2%

JSON

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.

Affected configurations

Nvd

Node

siemenssinema_remote_connect_clientRange<3.2

siemenssinema_remote_connect_clientMatch3.2-

VendorProductVersionCPE
siemenssinema_remote_connect_client*cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
siemenssinema_remote_connect_client3.2cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinema_remote_connect_client	*	cpe:2.3:a:siemens:sinema_remote_connect_client::::::::
siemens	sinema_remote_connect_client	3.2	cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:-::::::