Command Injection Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2024-39570

8.7HIGH

Key Information:

Vendor
Siemens
Status
Sinema Remote Connect Server
Vendor
CVE Published:
9 July 2024

Summary

A vulnerability exists in the SINEMA Remote Connect Server, which affects all versions prior to V3.2 HF1. This vulnerability stems from inadequate server-side input sanitation when processing VxLAN configurations. As a result, authenticated attackers can exploit this flaw to execute arbitrary commands with root privileges, posing a significant threat to the system's integrity and security.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9287...

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

.
CVE-2024-39570 : Command Injection Vulnerability in SINEMA Remote Connect Server by Siemens | SecurityVulnerability.io