Brute Force Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2024-39874

7.5HIGH

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 9 July 2024

Summary

A vulnerability has been identified in SINEMA Remote Connect Server that allows attackers to exploit the absence of proper brute force protection in the Client Communication component. This flaw enables unauthorized access by allowing multiple attempts to guess user credentials, thereby exposing sensitive user information. Organizations utilizing this platform are urged to evaluate their security measures and update to the latest software version to mitigate potential risks.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3815...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024