Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-39866

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.

Published

2024-07-09T12:15:17.683

Last Modified

2024-11-21T09:28:27.273

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-267
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	sinema_remote_connect_server	< 3.2	Yes
Application	siemens	sinema_remote_connect_server	3.2	Yes
Application	siemens	sinema_remote_connect_server	3.2	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-381581.html Patch, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-381581.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)