CVE-2024-39866

2024-07-0912:15:17

CWE-267

[email protected]

web.nvd.nist.gov

vulnerability

sinema remote connect server

unauthorized user creation

backup encryption key

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.9%

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.

Affected configurations

Nvd

Node

siemenssinema_remote_connect_serverRange<3.2

siemenssinema_remote_connect_serverMatch3.2-

siemenssinema_remote_connect_serverMatch3.2hf1

VendorProductVersionCPE
siemenssinema_remote_connect_server*cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
siemenssinema_remote_connect_server3.2cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*
siemenssinema_remote_connect_server3.2cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinema_remote_connect_server	*	cpe:2.3:a:siemens:sinema_remote_connect_server::::::::
siemens	sinema_remote_connect_server	3.2	cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-::::::
siemens	sinema_remote_connect_server	3.2	cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1::::::