A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/html/ssa-417159.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Sep 2024, 18:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/html/ssa-417159.html - Patch, Vendor Advisory | |
First Time |
Siemens
Siemens sinema Remote Connect Client |
|
CPE | cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:hf1:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:-:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
10 Sep 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Sep 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-10 10:15
Updated : 2024-09-10 18:54
NVD link : CVE-2024-42344
Mitre link : CVE-2024-42344
CVE.ORG link : CVE-2024-42344
JSON object : View
Products Affected
siemens
- sinema_remote_connect_client
CWE
CWE-532
Insertion of Sensitive Information into Log File