Local User Privilege Escalation in SINEMA Remote Connect Server by Siemens
CVE-2024-39870

7.1HIGH

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-39870?

A vulnerability has been detected in SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP1. This vulnerability allows a local authenticated user with privileges to manage user accounts to exploit the application by modifying user details outside their designated permissions. This capability can lead to unauthorized privilege escalation, compromising the system's integrity and potentially allowing attackers to gain elevated access to sensitive resources.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3815...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024