A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/html/ssa-869574.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Sep 2024, 18:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/html/ssa-869574.html - Vendor Advisory | |
First Time |
Siemens sinema Remote Connect Server
Siemens |
|
CPE | cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1:*:*:*:*:*:* |
10 Sep 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Sep 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-10 10:15
Updated : 2024-09-10 18:54
NVD link : CVE-2024-42345
Mitre link : CVE-2024-42345
CVE.ORG link : CVE-2024-42345
JSON object : View
Products Affected
siemens
- sinema_remote_connect_server
CWE
CWE-384
Session Fixation