CVE-2024-39866

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1:*:*:*:*:*:*

History

21 Nov 2024, 09:28

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-381581.html - Patch, Third Party Advisory () https://cert-portal.siemens.com/productcert/html/ssa-381581.html - Patch, Third Party Advisory

09 Sep 2024, 15:18

Type Values Removed Values Added
CWE NVD-CWE-Other
References () https://cert-portal.siemens.com/productcert/html/ssa-381581.html - () https://cert-portal.siemens.com/productcert/html/ssa-381581.html - Patch, Third Party Advisory
CPE cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
First Time Siemens
Siemens sinema Remote Connect Server
Summary
  • (es) Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (todas las versiones &lt; V3.2 SP1). La aplicación afectada permite a los usuarios cargar archivos de copia de seguridad cifrados. Esto podría permitir que un atacante con acceso a la clave de cifrado de la copia de seguridad y con derecho a cargar archivos de copia de seguridad cree un usuario con privilegios administrativos.

09 Jul 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 12:15

Updated : 2024-11-21 09:28


NVD link : CVE-2024-39866

Mitre link : CVE-2024-39866

CVE.ORG link : CVE-2024-39866


JSON object : View

Products Affected

siemens

  • sinema_remote_connect_server
CWE
CWE-267

Privilege Defined With Unsafe Actions

NVD-CWE-Other