Local User Privilege Escalation in SINEMA Remote Connect Server by Siemens
CVE-2024-39870

7.8HIGH

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 9 July 2024

Summary

A vulnerability has been detected in SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP1. This vulnerability allows a local authenticated user with privileges to manage user accounts to exploit the application by modifying user details outside their designated permissions. This capability can lead to unauthorized privilege escalation, compromising the system's integrity and potentially allowing attackers to gain elevated access to sensitive resources.

References

https://cert-portal.siemens.com/productcert/html/ssa-3815...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024