Brute Force Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2024-39874

8.7HIGH

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 9 July 2024

Summary

A vulnerability has been identified in SINEMA Remote Connect Server that allows attackers to exploit the absence of proper brute force protection in the Client Communication component. This flaw enables unauthorized access by allowing multiple attempts to guess user credentials, thereby exposing sensitive user information. Organizations utilizing this platform are urged to evaluate their security measures and update to the latest software version to mitigate potential risks.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3815...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jul 9, 2024